America Online, Inc. (AOL) welcomes the opportunity to submit this paper to the National Telecommunications & Information Administration of the Department of Commerce. As the largest Internet online service provider, AOL is keenly aware of both the benefits and risks of the online environment. Internet and online services offer consumers and businesses mutually beneficial opportunities for commerce, while enabling truly seamless communications. Consumers in the online environment can control the information they receive and avoid material in which they have no interest by seeking out information about products and services they want or need. At the same time, however, the online environment presents unique consumer privacy issues, as personal information about consumers is easily collected and transferred online. AOL believes that it is critical for companies operating in the online world to address consumer privacy concerns as a pre-requisite for developing online commerce.

In particular, AOL has a unique relationship with its subscribers that enables the company to modify its services to make each member's online experience as personally relevant, enjoyable, and affordable as possible. In doing so, AOL has spent considerable time balancing consumer privacy and the careful, appropriate use of consumer information continually to improve each member's online experience.

This paper outlines: The Privacy Policy that AOL has currently put in place as a company; the company's efforts to address issues related to consumer privacy in the online industry generally; and AOL's efforts to educate consumers about user privacy.

AOL'S CURRENT PRIVACY PROTECTIONS

Background on AOL's Privacy Policy

The road to the information superhighway is littered with the carcasses of companies that attempted to furnish online services to the American consumer. To name just one illustration, Times Mirror and others collectively spent hundreds of millions of dollars in the 1980s and early 1990s in failed attempts to bring the information age to America's living room. Even success is elusive: Only two years ago America Online and two other pioneers were principal competitors in the consumer online market; now AOL stands alone in its market. Experience shows that the only way to succeed is to understand the needs and interests of online customers. To accomplish this, online service providers need to collect and study data about customers' online experience. Yet, the customers' online experience can reveal personal information that they do not wish to have indiscriminately collected, used, or distributed to others.

By way of illustration, AOL for years has been the leading provider of chat and other new forms of interactive communication like instant messages. Because of the sensitive nature of these communications, members have long demanded that AOL respect the privacy and confidentiality of their communications and usage records. AOL has responded to its customers' demands by ensuring the privacy of these communications and records.

AOL's sensitivity to the public's concern about the company's collecting information about online usage and using it for internal purposes was heightened well before several publicized incidents. In October of 1994, for example, there were erroneous reports that AOL was selling information about subscribers' online usage patterns. In fact, AOL was only following the traditional practice of publishers and cable TV companies of renting subscriber lists (i.e., names and addresses of members) and had not disclosed any information about members' online usage. Regardless of their accuracy, such reports led to an informal inquiry from Congressman Edward Markey (D-MA.) about the protection of personal privacy in the online world. AOL clarified its practices and the industry, through its trade association, the Interactive Services Association (ISA), responded to the confusion about industry practices by promptly issuing its "Guidelines on Online Solicitation." These guidelines were the precursor of more comprehensive industry guidelines on data practices, electronic solicitation, and children's marketing. See "The Interactive Services Association and the Direct Marketing Association" under the Industry Initiatives section below.

During the summer of 1995, the FBI publicized its "innocent images" investigation into the online distribution of child pornography. In connection with this investigation, AOL cooperated with law enforcement agencies in providing limited records that were specifically identified in validly-issued, probable-cause search warrants. Nevertheless, rumors spread about the lack of privacy on AOL and in cyberspace.

Growing privacy concerns of AOL members and the general public and a changing business model that would increasingly rely on online commerce and advertising provided the impetus for AOL to develop a more detailed and comprehensive set of privacy and data use principles as described below. AOL issued its new and more comprehensive set of policies protecting the personal privacy of its members ("Privacy Policy") in April of 1996. Previously, AOL's subscriber agreement (i.e., Terms of Service) contained a number of privacy related provisions, including provisions protecting the confidentiality of private electronic communications, or email, and governing the disclosure of information relating to AOL's subscriber identities. AOL's current Privacy Policy not only clarifies and consolidates these various provisions into a comprehensive body of privacy rules, but also expands its privacy protections to cover "navigational" and "transactional" information (i.e., what members do and buy on the AOL Service). It also presents a clear, segregated explanation of the Privacy Policy for easy reference by members whenever they use the service.

The Privacy Policy is divided by types of data practices, including the collection, storage, use (internal), and disclosure of "individual information." "Individual Information" is defined as any information, data or records that relate to an AOL member's use of AOL and identify an individual member or a member's account. AOL's Privacy Policy does not cover the use or disclosure of aggregate information, as the company does not believe that aggregate information implicates personal privacy. AOL's Privacy Policy also distinguishes different types of Individual Information, separating this information into three principal categories: (1) "Member Identity and Billing Information," such as a member's name, street address, telephone number, and billing information, as well as any screen names associated with a member's account; (2) "Navigational and Transactional Information," such as information about where a member goes on the service or what a member buys through AOL; and (3) "Private Communications Content," meaning the contents of email, private chat room or instant message communications.

AOL believes that these distinctions help the company address its members' privacy interests by treating different kinds of information separately. The distinctions are based, in part, on the types of information articulated by the framework of the Electronic Communications Privacy Act (ECPA) governing electronic communications and records. Because AOL believes that disclosure of Individual Information to third parties is of greatest concern to its members, the most important aspect of AOL's Privacy Policy is AOL's pledge that it will not disclose any Individual Information to third parties except in very limited circumstances (e.g., where required by legal process) as specifically detailed in the Privacy Policy. The Privacy Policy also reflects the premise, consistent with ECPA, that a user's privacy interest is most acute in the confidentiality of Private Communications Content and less so, though still critical, in the confidentiality of Member Identity Information. Navigational and Transactional Information occupies a middle tier in this hierarchy of privacy concerns.

In developing the Privacy Policy, in-house counsel spent months meeting with various representatives of numerous company departments, as well as with outside counsel. After holding discussions, AOL's senior officers approved the Privacy Policy prior to its implementation.

Collection and Storage of IndividualInformation1

Member Identity and Billing Information. AOL maintains the following types of Member Identity and Billing Information: a member's name, street address, telephone numbers, length of membership, and payment information. The company also keeps information on members' communications with its Customer Service or Community Action Team departments, and general account history, such as accumulated usage credits, or written complaints relating to a member's account.

Navigational and Transactional Information. From time to time, AOL collects and stores on a sample basis certain Navigational and Transactional Information, such as data on the choices members make among the range of available services or merchandise and the times and ways members use AOL. This information is collected only for the purposes articulated in this Privacy Policy and discussed at Section C. below.

Private Communications Content. Despite rumors to the contrary, the AOL email system retains the contents of private email communications only for a limited time period. Furthermore, the AOL computer system does not record or retain any communications that members have in chat rooms or through instant messages. Instant messages on AOL work like email but take place in real-time between members who are simultaneously connected to the service. In the case of email, such communications are permanently deleted from the system after they have been read by the intended recipient(s) after about five days. In cases where email has been sent but remains unread, such communications are permanently deleted from the AOL system after about thirty days.

In addition to retaining only those records that AOL believes are necessary to provide the best possible services to its subscribers, AOL safeguards its members' Individual Information from unauthorized access. Under these safeguards, only authorized employees or agents2 who need to carry out legitimate business functions are permitted access to members' Individual Information. These strict confidentiality policies are reinforced in AOL's Employee Manual, which is given to every AOL employee, and in its contracts with any authorized vendors. Employees or vendors who violate AOL's privacy policies and confidentiality provisions are subject to severe disciplinary actions, including termination.

Internal Use of Individual Information

Member Identity and Billing. AOL uses Member Identity and Billing Information to administer its business generally, such as to ensure that members are properly billed. AOL also uses identity information on a selective basis to offer its members marketing information on goods and services that may be of interest. Such offerings are made most often through the use of customized pop-up screens. In part because of privacy considerations, in October of this year, AOL granted its members the option of opting out of all marketing pop-ups through an easy online process. AOL does not disclose any Member Identity Information except as specifically detailed in Section D.1. below.

Navigational and Transactional Information. AOL currently uses Navigational and Transactional Information on a sample basis for programming and editorial research. For example, AOL uses such information to better understand how members react to various content, service and merchandise offerings, and interfaces provided on the service. The company also aggregates such data to study how its members use the AOL services. Much of the content on AOL's service is provided by third-party partners. In order to enable these partners to improve their content offerings and develop advertising revenue, AOL provides them with aggregate information on usage patterns. Because the online environment in general is moving quickly towards information customization, AOL intends to use both Individual Information and aggregate data to customize the service to an increasing degree. While such customization is currently occurring on a limited basis, in the future AOL will increasingly seek to personalize interfaces and content offerings for its members' varying interests. AOL believes that one of its greatest comparative strengths is its ability to rationalize the overabundance of information and choices available on the burgeoning information highway.

Private Communications Content. AOL believes that private communications between the company's members deserve the greatest privacy protection. Therefore, the company treats private communications on or through AOL's service as strictly confidential and does not access, use or disclose the contents of private communications. The only exception to this basic rule is outlined in Section D.3. below.

Disclosure of Individual Information

While privacy concerns have been expressed with respect to use and collection of Individual Information, clearly the greatest concern consumers have with respect to privacy online is related to the transfer of Individual Information beyond the person or entity with whom a transaction was entered into. This basic notion of confidentiality of Individual Information forms the basis for AOL's policies regarding disclosure of personal information. The company's policy is to not disclose Individual Information to third parties without a member's prior consent or unless specifically provided in the Privacy Policy. These exceptions to the general rule of non-disclosure are as follows:

Member Identity and Billing Information. Just like traditional publishers in the print environment, AOL licenses certain limited Member Identity Information to select companies that offer products and services that may be of interest to AOL members. Before licensing any such information, AOL carefully screens all licensees to ensure that they intend to use such information for appropriate purposes. AOL never licenses certain Member Identity Information such as member screen names, telephone numbers, payment information (e.g., credit card or checking account), or other Navigational or Transactional Information. In addition, because AOL recognizes that all consumers may not be comfortable with such disclosures, the company has granted its members the option of opting out of its mailing list rentals.3

The company believes that screen name confidentiality is an important feature of the AOL service. However, AOL also realizes that individuals must ultimately be accountable for their online conduct and, therefore, does not grant members absolute anonymity. AOL does not disclose to third parties Member Identity Information that links a Member's screen name(s) with a Member's actual name, unless required to do so by law or legal process served on AOL Inc. (e.g., subpoena). AOL deviates from this policy only in exceptional circumstances (such as a bomb or suicide threat, or instances of suspected illegal activity) on a case-by-case basis.

Like other online and Internet providers, AOL's release of Member Identity Information is subject to applicable laws (e.g., ECPA). When responding to legal process served on AOL by non-government entities, unless otherwise ordered, AOL's current policy is to make reasonable efforts to notify the affected member prior to releasing the information to provide that member an opportunity to pursue any available legal recourse. AOL believes that this process is the best way of balancing its members' interests in the confidentiality of their screen names with the interest of potentially aggrieved parties. In addition, it would be impossible for AOL to assert adequately its members' confidentiality interests without having knowledge of the specific basis for a member's assertion of confidentiality (e.g., legal privilege).

Navigational and Transactional Information. AOL will not disclose to third parties Navigational or Transactional Information except to comply with applicable law or valid legal process (e.g., search warrant or court order).

Private Communications Content. AOL does not access or disclose the contents of private communications (e.g., email, instant messages, member-created private rooms), unless it in good faith believes that such action is necessary (a) to comply with applicable law or valid legal process (e.g., search warrant or court order), (b) to protect the rights or property of AOL Inc., or (c) in emergencies when AOL Inc. believes that physical safety is at risk.4 These exceptions are minor modifications of the default provisions of the Electronic Communications Privacy Act, 18 U.S.C. §§ 2701 et seq., and provide AOL with the flexibility it needs to deal with emergency situations.

Additional Issues within AOL's Privacy Policy

Notice.

In establishing its Privacy Policy, AOL needed to determine how best to notify subscribers of its existence. AOL chose to segregate the Privacy Policy in an area dealing generally with all of the rules for participation in its service, believing that it is the best way to ensure that such notice will be useful to consumers. In addition, AOL's registration process for new members prominently highlights its Privacy Policy and encourages users to take the time to read and understand it.

Third-Party Agreements. Because third-party content providers and vendors interact directly witih AOL members, the company has implemented policies to ensure that such third parties comply with AOL's privacy policies to the extent they are relevant. Therefore, the company's current agreements with its content providers and merchants place restrictions on their ability to collect and use individual information about AOL members. For instance, AOL's agreements with its Independent Content Providers (ICPs) require that AOL members are given conspicuous notice about the ICPs' information practices. AOL is in the process of finalizing a more comprehensive set of privacy guidelines for its various partners which will clarify these data protection principles for changing circumstances.

Mail Control Tools. AOL has also become the industry leader in combating the problem of bulk email solicitations, sometimes referred to as "spam" or "junk email." Bulk email has become the number-one complaint voiced by AOL members, generating, at times, thousands of complaints each week. Members have been angered by the fact that bulk emailers are able to shift the cost of sending the emails to them as they pay for online time. In response to its members' complaints and the increasingly damaging load placed on its email servers by bulk emailers, AOL introduced two user empowerment mail tools: Mail Control and PreferredMail.5 The Mail Control tools enable members to choose from whom they wish or do not wish to receive email. This tool helps members protect themselves from bulk emailers as well as allowing members to expand their privacy preferences to block email from any address.

Because Mail Control requires that the user affirmatively input the specific addresses from which they wish to block or receive email and could be easily circumvented by bulk emailers who constantly alter and forge their domain addresses, AOL introduced the PreferredMail tool. PreferredMail automatically shields AOL members from email sent from certain sites which have been responsible for sending mass email solicitations to AOL members, thereby generating numerous complaints. The list of such sites is updated regularly. Members who wish to receive mail from these sites, can easily do so by deselecting the tool with one click. The Mail Control and PreferredMail tools have significantly reduced, but not eliminated, the bulk email problem.

INDUSTRY INITIATIVES

The Interactive Services Association and the Direct Marketing Association

As part of AOL's effort to ensure that electronic commerce can develop and coexist with an environment that protects consumer privacy, AOL has undertaken to lead the way in the development of industry guidelines regarding the collection, use and disclosure of personal information online. We have engaged in this endeavor through two trade associations of which AOL is a member--the Interactive Services Association (ISA) and the Direct Marketing Association (DMA).

The Interactive Services Association is made up of a diverse array of companies that participate in the online world. They range from those providing connections to the Internet to those that provide the Internet's content. As such, the ISA is particularly well-suited to develop self-regulatory privacy guidelines that apply to the Internet. The ISA has been working to establish privacy guidelines for more than one year and has already adopted guidelines relating to the collection, use and disclosure of personal information online, unsolicited email, and marketing to children. These guidelines have been adopted by the ISA board of directors and its members. ISA's principles relating to children's marketing and unsolicited email have been issued jointly by ISA and DMA.

Because the online environment has continued to change so rapidly over the past several months, ISA is continuing to review and revise its guidelines to address privacy issues as they arise. Currently, a subcommittee of the ISA online policy committee is working to further clarify the principles articulated in those guidelines. The version already adopted by the ISA board of directors is attached at Attachment B.

Similarly, the Direct Marketing Association, the principal organization of companies marketing directly to consumers, has been working to adopt privacy guidelines for its members that operate in whole or in part in the online world. The DMA has long addressed issues of privacy in the traditional print world and has been working to translate those guidelines to the extent necessary to fit the online model. Because DMA and ISA bring different memberships and expertise to the issue of online consumer privacy, AOL has worked with the two associations separately and has encouraged their cooperation in this area.

Internet Privacy Working Group

Beyond the development of industry guidelines, AOL believes that the best way to address the concerns of online privacy is through tools that empower users to make their own informed choices about the maintenance of their personal privacy. Therefore, as discussed, AOL has devoted considerable resources to providing our members with the technology necessary to make choices about their personal information and identity online. Beyond the tools that AOL has developed for its own members, the company is committed to helping develop tools that can help all users of the Internet protect their personal information online. Because the Internet is built upon a system of common technical standards that enable people all over the world to access and provide content on the Internet, AOL believes that similar standards should be developed in the area of online privacy.

This model was successfully adopted in the area of content filters to protect children from inappropriate content, in the form of the development of the Platform for Internet Content Selection (PICS) standards by the World Wide Web Consortium at the Massachusetts Institute of Technology. Under such a model, the user chooses content preferences based on rating systems that can be put in place by any number of parties, independent of governmental mandate. The advantages of such a model to manage access to content are numerous, including, perhaps most importantly, the ability of consumers to apply their own personal standards to content decisions, free of government censorship.

These same advantages apply in the area of online privacy. Since each user has his or her own privacy preferences and since each Internet content provider has its own information practices, users should be empowered to exercise preferences individually, thus, for example, visiting those Internet sites where information practices are consistent with their preferences. Under this type of model, users will have the notice they need to make informed decisions and will be able to avoid areas on the Internet which fail to meet their privacy standards.

In order to help ensure the development of common standards for online privacy, AOL is a member of the steering committee of the Internet Privacy Working Group (IPWG). IPWG was formed this Fall to bring together interested parties to work with the World Wide Web Consortium in the development of a PICS-like system for privacy. In addition to AOL, the steering committee includes privacy advocates like The Center for Democracy & Technology and the Electronic Frontier Foundation, consumer advocates like Consumers' Union, commercial entities like Microsoft, and trade associations including ISA, DMA, and the American Association of Advertising Agencies.

The purpose of the steering committee is to develop a vocabulary around which technical standards can be configured. The primary challenge in the development of such a vocabulary is to make it flexible enough to support privacy preferences in a medium that is inherently without borders. In other words, because the privacy expectations that are generally held by citizens of the United States are not necessarily consistent with those held by citizens of European or other countries, it is impossible to develop standards around a limited vocabulary while simultaneously addressing the needs of all online users around the world. In order to establish the most flexible vocabulary, the IPWG steering committee is in the process of developing a set of scenarios that attempt to define the parameters of the vocabulary needed for the technical development process.6

EDUCATIONAL EFFORTS--PROJECT OPEN

Consumer education is critical. For instance, user empowerment tools can be effective only if users are adequately informed of their existence and how to use them. Also, many of the problems that arise in the area of privacy, both online and off, result from consumer ignorance about the use of their personal information. Consequently, AOL believes that the preservation of privacy in the online environment depends largely on a public that is informed about the collection and use of personal information online, and about the ways consumers can exercise choices about such activities.

In order to improve consumer awareness and understanding of privacy and other considerations online, AOL has posted clear information about our privacy practices to all AOL subscribers (as discussed above). In addition, the company has taken a leadership role in the development of Project OPEN--the Online Public Education Network--a joint effort of ISA, the National Consumers League, and leading online/Internet service companies, including AOL, AT&T, CompuServe, The Microsoft Network, and NETCOM On-Line Communication Services.

Since its inception in late 1995, Project OPEN has developed and distributed educational materials about issues such as online content controls for the protection of children, intellectual property, and privacy. Currently, Project OPEN is in the process of developing a privacy handbook to be widely distributed to consumers.

CONCLUSION

This paper is intended to help NTIA in its examination of corporate privacy practices and procedures in the online environment. Since 1985, AOL has evolved from a tiny start-up company to the world's leading Internet-online provider. AOL's success in a ruthlessly competitive and changing market has depended on paying close attention to its members needs and delivering a superior interactive experience. AOL members entrust the company with protecting their confidential and personal information and AOL is committed to honoring that trust. At the same time, AOL members increasingly rely on the service to sort through the maze of content and service offerings and provide them with the most compelling and personally relevant online experience at the most affordable price. Balancing the sometimes conflicting interests in privacy, personalization, and affordability is a challenge that AOL will continue to meet. AOL believes that through individual company, industry and consumer cooperation, the interactive services can meet diverse and at times conflicting consumer and business interests, and fulfill the tremendous potential of this developing medium. AOL is committed to leading the industry towards fulfilling this promise.

______________________________

ENDNOTES

1 This section describes the types of Individual Information that AOL collects and stores. For the reasons why AOL collects these types of Individual Information, see the section on "Internal Use of Individual Information" below.

2 AOL's Privacy Policy reserves the right to use agents, who are bound by strict confidentiality guidelines, to perform storage and processing functions on the company's behalf.

3 Members can exercise this option on the service by entering the "Marketing Preferences" area on AOL and clicking on "Tell Us What Your Preferences Are."

4 AOL does reserve the right to treat as public any private chat room whose directory or room name is published or becomes generally known or available.

5 AOL has also initiated litigation against one of the most notorious of bulk emailers who, among other things, has ignored repeated requests from AOL members to be deleted from their mailing lists.

6 For a complete discussion of the Internet Privacy Working Group, see the paper submitted in this proceeding by the Center for Democracy and Technology.

Case Study of American Express' Privacy Principles: Why and How They Were Adopted, the Choices Involved and a Cost-Benefit Analysis

American Express Company (AXP) has prepared this case study at the invitation of the National Telecommunications and Information Administration (NTIA)--as a submission to NTIA's examination of methods to ensure consumer privacy protection in the telecommunications and online environments. This text addresses the issues raised in connection with the development, administration, and maintenance of consumer privacy protection in a complex financial services business. The study will make three major points:

For more than 25 years, American Express has been an active leader in promoting voluntary privacy policies consistent with the attributes our customers associate with the American Express brand--security, integrity, commitment to customers, service excellence, recognition, and global presence.

American Express has adopted and complied with the data protection laws where we conduct business. Implementation of the Consumer Privacy Principles has been adapted globally to embrace the differences in legal and political cultures throughout the world.

The goal of ensuring proper privacy protection for consumers in the highly dynamic environment of information-technology development, especially in relationship to online services and to new financial instruments such as stored-value products, is best served by voluntary adoption of privacy principles and policies by businesses and industry.

AMERICAN EXPRESS TODAY

American Express Company, a global travel, financial, and network services provider founded in 1850, provides customers with a variety of products and services consistent with its brand. The Company provides individuals with charge and credit cards, travelers cheques and other stored-value products. It also offers financial planning, brokerage services, mutual funds, insurance, and other investment products.

Through its family of Corporate Card services, American Express helps companies and institutions manage their travel, entertainment, and purchasing expenses. It provides investment management services and administers pension and other employee benefit plans. The Company also offers accounting and tax preparation to small businesses, and financial education services to employees at their places of work.

As the world's largest travel agency, American Express offers travel and related consulting services to individuals and corporations around the globe. The Company also provides services to corporations, wealthy entrepreneurs, financial institutions, and retail customers outside the United States.

American Express employs more than 70,000 employees on a worldwide basis and, in 1995, generated $15.8 billion in net revenues.

AMERICAN EXPRESS AND PRIVACY: AN OVERVIEW

From the early days as a travel and entertainment card business, AXP recognized that Cardmembers associated "trust" with its brand name.

Since privacy protection is a component of consumer trust, ensuring privacy through internal policies and providing leadership to the industry were--and are--seen as important business efforts. Following are the major privacy initiatives undertaken in response to changes in the Company's structure, business, product mix, and technology, as well as consumer expectations.

1958-1980

AXP launched its travel and entertainment charge card in 1958 and moved into computerization from 1962 to 1968. During this era, AXP adopted formal guidelines covering the release of Cardmember data to third parties and, in 1974, became the first U.S. charge card firm to provide its Cardmembers with an annual form to opt out of marketing offers. Over time, a consistently small percentage of Cardmembers have elected to remove their names from marketing lists. Accommodating this segment of the Cardmember base was, and is, good business: it demonstrates a respect for customer choices; it lowers mailing and telemarketing expenses; and it improves response rates. (A copy of the current opt-out communication is available from the author.)

AXP also supported privacy protection policies in testimony before the U.S. Privacy Protection Study Commission, in 1975. In 1978, AXP issued to employees its own comprehensive Privacy Code of Conduct for handling customer and employee information--believed to be a first in the American financial services industry. It was based on U.S. fair information practices concepts and on the Organization for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. In 1979, AXP was one of the first U.S. multinational companies to endorse the OECD Guidelines.

1981-1988

AXP expanded into a multibusiness financial and information-services enterprise. It pioneered the first Cable Subscriber Privacy Code (issued by Warner-Amex in 1981); asked that its newly acquired companies adopt and apply the 1978 AXP Privacy Code of Conduct; and became a founding member of the Direct Marketing Association's privacy task force.

1989-1995

During the late 1980s, the mass media focused on uncontrolled uses of personal consumer information, including uses of charge and credit card information. Consumer privacy bills proliferated in the state legislatures and there were calls in Congress to protect privacy by strengthening the Fair Credit Reporting Act's rules for both handling consumer credit reporting and uses of credit bureau information.

In 1988, Jon Linen, then president of the Direct Marketing Group of American Express Travel Related Services (and now vice chairman of AXP), spoke about the need to protect consumer information at the Direct Marketing Association's national conference. He warned that American consumers were getting "fed up" with the direct marketing industry's "inattention to individual privacy." He called on companies to adopt strong voluntary privacy rules, in order to restore consumer faith and avoid harsh government intervention.

AXP co-sponsored a national consumer privacy conference in 1990 with the National Consumers League to better understand emerging public and consumer advocacy opinion. To test opinions, AXP conducted surveys--one of the general public in 1988 and another of its Cardmembers in 1989. Respondents identified privacy matters as very important to them and noted that they were looking for new guidelines to govern consumer information uses by businesses.

Developing the 1991 Consumer Privacy Principles. Against this backdrop, AXP formed an internal privacy task force led by its Consumer Affairs Office. The task force included representatives from each of AXP's businesses and engaged the services of an independent privacy expert. After studying the few privacy codes in existence at that time from other companies and the positions of privacy groups and government officials, the task force decided to develop a new framework--privacy principles rather than a code--to serve the needs of this growing global company.

In a massive undertaking, the Company also developed a comprehensive privacy-reporting template in order to conduct a personal - information audit. The results of the audit identified issues that led to the development of eight principles, which protected consumer privacy while allowing for legitimate and fair uses of consumer information.

Approving and Enforcing the Privacy Principles. The Principles were presented to the AXP Planning and Policy Committee, and to the Public Responsibility Committee of the Board of Directors. In January 1991, the Principles were adopted. Over the next year, each business unit developed specific policies to meet the requirements of the new Principles.

The 1991 Principles stated that employees are responsible for knowing and following the Principles. For example, employees are not allowed to review customer account information unless they can provide a business reason to do so. A first infraction results in a warning and probation. An additional infraction can be cause for termination. The Company also developed a plan for employee communication and training as well as a program for compliance review. (The text of the 1991 Consumer Privacy Principles is available from the author.)

Communicating the Privacy Principles. The Principles were printed in a brochure entitled Protecting the Trust: The American Express Consumer Privacy Principles, which began with a strong letter of endorsement from the Company's chairman. The brochure was published in seven languages, for use by all AXP employees worldwide. Briefings for corporate and business unit senior management were held and an extensive Privacy Resource Kit was created and sent to managers and trainers at all AXP units around the world.

Privacy initiatives and participation with consumer opinion leaders at privacy advocacy events supported the announcement of the 1991 Consumer Privacy Principles. The AXP Consumer Affairs office co-sponsored a "summit conference" of business and privacy groups to explore areas of consensus for new privacy policies. The summit was conducted in conjunction with the Consumer Federation of America and the Society of Consumer Affairs Professionals (SOCAP)--an organization of 3,000 members from all sectors of American business, who represent consumer interests within their companies. AXP urged the industry groups to actively develop new privacy protections.

Reactions from consumer and other public-interest groups were favorable, particularly on the Company's willingness to speak out on the need to institutionalize consumer privacy rights. AXP and the U.S. Office of Consumer Affairs developed a brochure for consumers on privacy rights called, Protecting Your Privacy. The brochure has been widely distributed via the U.S. Consumer Information Center and was made available on the center's web site. Later, AXP produced an educational resource kit for high school and college teachers. More than 20,000 copies have been distributed. The kit--titled Who Knows? Your Privacy in the Age of Information --contains a resource guide and a poster, as well as discussion and student-activity materials. The Canadian government is adapting the kit to correspond to Canadian laws and is making it available to all schools across Canada via the school's intranet. In 1992, American Express received an achievement award for its privacy project from SOCAP.

UPDATING THE 1991 CONSUMER PRIVACY PRINCIPLES

In mid-1995, the Consumer Affairs Office convened a meeting of line managers, whose responsibilities included the use and protection of customer data. The purpose of this meeting was to review the 1991 Privacy Principles. An internal audit of compliance was conducted, and external privacy advocates were consulted for their perspectives on consumer privacy issues.

The audit results found compliance to be satisfactory. However, given the many changes at AXP since 1991, Chairman Harvey Golub created a new privacy task force, in late 1995, to review the Principles in light of new products and services; strategic business issues; new technology; and the current privacy expectations of AXP's customers and the public.

The core group of the task force, under the direction of AXP's executive vice president for Corporate Affairs and Communications, consisted of more than 30 senior and midlevel managers and staff experts. Quarterly meetings were held throughout 1996. Six subgroups identified issues, benchmarked against other companies, conducted research and made recommendations for changes. These extensive and broadscale discussions raised awareness within the task force of the growing complexities in the privacy arena.

As a point of reference at the first meeting of the task force, an outside expert reported on his comparison of the AXP Privacy Principles to those of other U.S. companies, and summarized the recommendations of leading government and academic specialists. To gain further insight into consumer expectations, the task force drew on a just-completed proprietary privacy study.

In mid-1996, the subgroups reviewed their recommendations with the privacy task force, as well as with the chairman of the Company and others in senior management. As the work progressed, it became clear that it is difficult to separate privacy from business issues, and that new delivery systems raise questions about how best to apply the Principles. Because privacy is now so ingrained in the culture of AXP, the question was not whether, but how to apply the Principles, for example, when marketing on the Internet.

Since AXP launched its ExpressNet site on America Online nearly two years ago, the Company has greatly increased its presence in cyberspace. AXP recently adopted the following guidelines for online privacy, similar to those adopted by the Direct Marketing Association and the Interactive Services Association: 1) we will not use an e-mail address for marketing purposes without a customer's knowledge; 2) when customers choose to give us their e-mail addresses, they will be given opt-out choices; and 3) for those who merely browse on our web sites, we will not send unsolicited e-mail messages.

THE 1997 CUSTOMER PRIVACY PRINCIPLES

The eight principles articulated in 1991 have withstood the test of time. Based on the work of the new privacy task force, a set of updated American Express Customer Privacy Principles will be issued to employees in early 1997, along with a letter from AXP Chairman Harvey Golub. There are minor changes reflecting both the current company structure and the environments in which we carry out our business, such as marketing via the Internet. In addition, the Principles have been rewritten in "plain language" to make them more understandable to our employees and to customers. The updated Principles will be issued globally in various languages to serve the many markets where AXP does business. In addition to the updated Principles themselves, there are many benefits that have grown out of the review process. It has:

sensitized over 100 line managers to current privacy issues, and educated them on the application of the Principles to diverse business situations;

highlighted the relationship of privacy to the issue of trust which is central to protecting the brand reputation;

reinforced the centrality of privacy in the development of new products and services;

reminded managers of their accountability for compliance; and

ensured that the Principles work for the business--and are not just theoretical policies.

The issuance of the updated Privacy Principles will not diminish the Company's attention to privacy protection and consideration of further need for changes. The Consumer Affairs Office has broad responsibility for consumer issues, including privacy, and will continue to provide leadership on this issue by: a) monitoring and analyzing the views of consumer advocates, regulators, and other opinion leaders; b) working with the Company's business units to consider the implications of this analysis for new products, services, and delivery systems, and recommending courses of action; and c) developing consumer education.

AMERICAN EXPRESS PRIVACY ACTIVITIESWORLDWIDE

As already noted, AXP's Privacy Principles and policies have been issued as standards for its worldwide operations. AXP has been involved in privacy matters in other nations and on the international scene, and AXP officials have participated in most of the major data protection legislative efforts of the past two decades in Canada, Europe, and the Far East.

AXP's position supports the privacy principles that were expressed in the OECD Guidelines, the national data protection laws and regulations in Europe in the 1970s and 1980s, and the European Union's 1995 data protection directive (which goes into effect in October 1998).

AXP has worked with officials to explain problems that financial services firms could have with some proposed data protection rules, and to suggest ways that such conflicts might be avoided without compromising fundamental privacy values. AXP's position is that privacy protections can be sensible and that individual choice through informed consent is the best approach to govern the use of data by businesses wherever they operate. The fact that AXP began adopting Privacy Principles and opt-out procedures in the 1970s, and deepened those policies in the 1980s and 1990s, has given data protection advocates and officials a model with a successful history of according consumers a substantial measure of privacy protection.

The same has been true of AXP's participation in private standards efforts in other nations. When the Canadian Standards Association (CSA), a private technical association with business, governmental, privacy-advocate, and academic participation, set out to develop a set of innovative privacy standards for the private sector in 1994/95, AXP was an active member of the CSA drafting committee.

A COST-BENEFIT ANALYSIS OF PRIVACY

How does one calculate the value of privacy and privacy initiatives? It is difficult to quantify the cost of privacy, since it is difficult to separate privacy costs from ongoing business expenses. Trust and protecting the confidentiality of personal customer information are inextricably connected, and most privacy protection efforts are represented by business decisions about how to design systems and processes that result in privacy protection.

The American Express brand is a highly valuable asset. Spending on privacy protection can be seen as an extension of efforts to promote our brand image--which supports our vision: to become the world's most respected service brand. As Vice Chairman Jon Linen asked in his 1996 "Privacy and American Business" speech: "Is privacy protection expensive? No--what's costly are hassled, mistrusting, potentially former customers."

REGULATION AND VOLUNTARY POLICIES

We believe that government regulation of privacy on the Internet and other online areas is very risky given the rapid changes in this new technology. Regulation could promote one technology over another and act as a barrier to the full realization of the benefits of commerce in cyberspace.

NTIA is well positioned to encourage companies to create voluntary privacy-supporting policies and practices, such as those steadily being issued by online companies and associations. Online privacy guidelines were recently published by the Interactive Services Association and the Direct Marketing Association, and the guidelines developed by AXP are being designed into its web sites. There are also promising new technological tools that offer major privacy-enhancing choices by giving individual online users control over who can market to them.

We think that the online marketplace will reward those companies that adopt good privacy policies, and will give them a competitive advantage in the coming decade. To quote AXP Vice Chairman Jon Linen, "If we regulate ourselves . . . if we use consumer information carefully and judiciously, and with the interests of our customers at heart, we will be working not to our detriment, but to our competitive advantage. Conversely, I believe that those who lose this customer focus--who disregard the trust their customers have placed in them--will eventually suffer the consequences in the marketplace. We're betting the marketplace will self-select those companies that, like American Express, protect consumers' privacy while offering relevant and targeted products and services."

Competitive forces will define consumer privacy in the online world. It is this evolutionary process that we urge NTIA to encourage and foster.

The Reader's Digest Association, Inc.: Privacy Policies and Practices, and Views on Self-regulation.

This paper has been prepared in response to the November 14, 1996 letter of Larry Irving of the United States Department of Commerce, National Telecommunications and Information Administration. This letter called for papers relating the experience of selected companies with respect to self-regulation and effective implementation of privacy practices.

Since the debut of Reader's Digest magazine in 1922, The Reader's Digest Association, Inc. has become a preeminent global publisher and direct marketer of products that inform, enrich, entertain and inspire people the world over. Total revenues exceeded $3 billion for the first time in fiscal year 1995, roughly 60 percent generated outside the United States by 21 international operating companies. Reader's Digest has operations in over 50 locations throughout the world, located in 36 different countries.

Along with its flagship magazine, Reader's Digest sells quality books, music, home videos, audio books, special interest magazines and a growing line of multimedia products. The company markets its products primarily by direct mail, and is rapidly expanding into other distribution channels, including direct-response television advertising, interactive on-line services and door-to-door sales. The Reader's Digest World Wide Web site was launched on October 28, 1996, and is linked to Reader's Digest Websites operated by its subsidiaries in the UK, Finland, Poland, Canada, and Scandinavia.

Global success is driven by Reader's Digest, the world's best-read and best-selling magazine. Every month, about 100 million people in virtually every country in the world read the magazine, in 48 editions and 19 languages. Global circulation exceeds 27 million. Through the unique global reach of the magazine, Reader's Digest has built databases worldwide containing more than 100 million households. This wealth of customer information helps Reader's Digest to create and market well researched, high-quality products of superior value.

Reader's Digest welcomes the call by the National Telecommunications and Information Administration for these papers and looks forward to the public forum to address these papers. The Company believes this form of leadership is an important element in the development of effective self-regulatory programs in the business community. Moreover, the letter is an excellent example of a pro-active facilitative role for government, as eloquently called for by the Global Information Infrastructure Commission in its several recent publications.

DEVELOPMENT OF READER'S DIGEST'S PRIVACY POLICIES AND PRACTICES

Reader's Digest started business in 1922 as a direct mail marketing company and has been an international direct mail marketer of published products since it opened its first international subsidiary in the United Kingdom in 1938. In all the markets in which it operates through direct marketing, it constructs, maintains and updates a database of its customers and prospects. This database is one of the Company's most valuable assets and its security, accuracy, integrity, proper use and development under a diversity of legal regimes has been a critical factor in the Company's success.

The Company is keenly aware that the accuracy and usefulness of that database can not be assured unless the public and the Company's customers have confidence that the Company will not abuse their trust. Therefore, the Company welcomes any opportunity to improve the climate of data protection in an effective way to assure the public that personal data are and will be properly handled by the direct marketing community and that the consumer has the power to control his or her data.

The main privacy principles on data protection were first clearly articulated by the OECD in 1980, with its Council Recommendation Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data. The principles entered the realm of public international law with the Council of Europe Convention for the Protection of Individuals With Regard to Automatic Processing of Personal Data. This was opened for signature at Strasburg, on 28th January 1981. Shortly thereafter, and based on those principles, Reader's Digest began formulating a set of international policy instructions applicable to all its operations worldwide. This set of policies are under continuous review, but have stood much of the test of time since their adoption in 1984.

In the Company's experience, not only its original policy instruction, but the OECD principles as elaborated upon in the GIIC statement on "Personal Information Privacy Policy--Recommended Actions" are practically undebatable as to their acceptability and desirability, and, if put into practice, they will provide effective consumer protection.

As mentioned, the Company's policy was formulated following the signing of the Convention and adopted in 1984. Reader's Digest has been a proponent of direct marketing self-regulation in the privacy area both before and after adoption of the Council of Europe Convention, the Digest's own internal policy, and the further elaboration of legal regimes governing data protection, primarily in Europe. In the experience of the Company, self-regulation in the privacy area can be a success with or without an overarching legal regime containing enforcement mechanisms, provided a certain critical mass of the following important factors is present.

In addition to the factors discussed below, it may be that privacy and protection of personal data is a subject uniquely suited to self-regulation in ways in which other aspects of a competitive business environment may not be. For example, in direct marketing the benefits of providing to consumers access to their data and the ability to opt-out of the system are compelling from the point of view of both customers and business competitors, and yet assuring such rights to consumers raises few, if any, antitrust concerns, bestows no competitive advantages on those who do not abide (indeed, non-compliance may prove disadvantageous), and thus the issue of "enforcement" may be less compelling. Accuracy of information and transparency of processing of personal data, required by the principles, provide major commercial benefits.

KEY ELEMENTS OF A SELF-REGULATORY PROGRAM IN THE DIRECT MARKETING INDUSTRY

The primary self-regulatory program in the area of customer data in direct marketing is the provision to consumers of the right to "opt out" of the system of direct marketing and to assure that the data which may be in companies' files is not used to market to them further. This is known as the Mail Preference Service.

Reader's Digest has, throughout its history, maintained an in-house suppression program pursuant to which it will mark a consumer's file "do not mail" upon request of that individual. In addition, direct marketing associations throughout the world in which the Reader's Digest is an active sponsor will actively advertise their Mail Preference Services.

Recently, as telemarketing has become more wide-spread, this service has been joined by the Telephone Preference Service. Under either system, a consumer may register with the Direct Marketing Association or other administrative body. This body periodically sends to all members the Mail Preference Service or Telephone Preference Service list and the member uses this list to mark its own files "do not mail/market". In countries where Association membership is not required by law, the Association will also make this list available to non-members.

The development of these programs, both within Reader's Digest and internationally through direct marketing and other trade associations, is the recognition by business of the consumer's right not to receive mail. Moreover, it is a recognition by business that individuals who will expend effort to register with the service are unlikely to make use of the product and service offerings made available thereunder. Thus, these programs promote efficiency, cost-savings, and better consumer relations. In short, the adoption of these services provides a communication channel from consumers to business which empowers consumers.

CRITICAL ELEMENTS FOR SUCCESS.

In the Company's view, the success of these Preference Services in the direct marketing field, and the success of Direct Marketing Associations in encouraging their members to adopt fair information practices depends on a number of interconnected factors. This is not to say that all these factors must be present for these programs to be successful, but all are important to the process.

Leadership on the issue.

It is important that a respected business figure, government official, or trade association official exhibits leadership in raising and addressing the issue of consumer privacy and fair information practices. Consumers' concern for the use of their data in direct marketing must be clearly articulated in ways that business can understand, and to which it can react effectively. In fact, it is only when inspired leadership convinces the industry that there is an unaddressed problem which, in many cases, has not been heard because it was silent, that these programs are put into place and the reputation and credibility of the direct marketing practice improves.

In many respects the subject of privacy and data protection is one of silence as far as the direct marketing industry is concerned, because every consumer has absolute power to throw mail into the waste basket. While consumers clearly continue to have this power even with a Mail Preference or Telephone Preference Service, these services provide consumers power to articulate their views and a mechanism to exert control over their data in a manner not previously known to them. This gives them the significant power to control the use of their personal data even by users of which they are not aware.

Consumer Education.

For a trade association program on data protection and privacy in direct marketing to be successful, consumers must be made aware of the availability of the program and the program must be easily accessible.

In a certain sense the Telephone and Mail Preference Services correct a market failure of communication and knowledge availability. In essence a preference service requires a business to carry out one more step in preparing data before it can begin to contact customers, and thus is in principle an additional cost, although one not easily quantifiable. Asking a rational businessman to incur the cost of an educational program in order to impose another processing cost on his business operation is counter-intuitive. Here, however, the availability of partnerships with government offices and agencies can prove extraordinarily useful. In addition, strong leadership from business leaders, trade associations and government in selling the program as a public benefit for the industry is often critical to success. Business, nevertheless, readily appreciates the economic benefits of avoiding costly mailings to unlikely respondents or hostile opinion leaders.

Partnership with Public Agencies.

Reader's Digest and the Direct Marketing Association have a long history of partnerships with the U.S. Post Office, the Federal Trade Commission, with the South African, Argentine and New Zealand Post Offices, and with many government agencies and offices throughout Europe in consumer education programs, both on promotional devices and on data protection and privacy self-regulatory programs. In Argentina, for example, the Mail Preference Service response cards will soon be available in every post office.

In South Africa, the Post Office recently agreed to manage the not inconsiderable administrative burden of data inputting Mail Preference Service respondents and distributing the data to the members of the Direct Marketing Association.

To the extent that these services become more widely known and available, the consumer is empowered and the business environment improved. In addition, the education of the consumer at the same time educates new entrants to the direct marketing field who build it into their business plans as they commence work.

Internal Compliance and Self-regulation.

Self-regulation is more effective if combined with internal discipline in the companies who pledge to follow a self-regulatory code or practice. Leadership at the very top of the company which has pledged through membership in an association to abide by a set of fair information practices is extremely important.

The institution of an in-house compliance program and the naming of an in-house privacy officer will prove extremely effective in providing a consumer point of contact for problems and an employee point of contact for assurance of compliance. For example, Reader's Digest companies in the United Kingdom, Germany and The Netherlands have appointed data protection officers responsible for assuring compliance with both the laws and self-regulatory programs adopted in those countries. A similar responsible employee will soon be appointed in Hong Kong, and in other countries.

Respect for the Rules.

Important for the success of any self-regulatory program, whether for privacy, advertising standards, product quality or any other matter, is a shared community of respect for these rules and the law in general. Such respect starts with fundamental agreement on the principles at stake.

In the area of privacy and data protection it is Reader's Digest's belief that these principles are generally accepted as they have been formulated in the OECD Principles, the Council of Europe Convention 108, the European Directive on Data Protection, and as recently articulated in the call for action by the Global Information Infrastructure Commission.

Such principles being reasonably universally accepted, the practical application of those principles within the direct marketing business is not particularly complex. As is pointed out in the attached note from Reader's Digest's U.K., list and data base practices are particularly well-suited to self-regulation, being creatures of fast-changing technologies. Moreover, the concerns of consumers in this area lend themselves to expeditious and nearly cost-free resolution through the available self-regulatory dispute resolution mechanisms.

Consequently, the respect is not only to the law, but beyond the law, to the spirit underlying the law and thus more effective and more flexible than statutory formulations. Regimes founded on enlightened self-interest are fully believable to the general public.

CONCLUSION

The experience of Reader's Digest throughout the world, where it has active direct marketing association affiliations or otherwise has an operating entity, is that consumers, when informed of the availability of Mail and Telephone Preference services, do not make significant use of those services, but in fact prefer to receive the information brought to them through direct marketing programs. For example, Reader's Digest Canada inserts a notice in all of its promotional materials inviting consumers to contact the company directly to have their names removed from its list. The average response from consumers taking up this offer is less than for 3 each 10,000 pieces of mail.

Based on this and many similar experiences, Reader's Digest is convinced that direct mail is perceived by consumers as an important information source. Therefore, the Company believes that offering consumers the opportunity to object to receiving direct mail, that is, "opt out", as opposed to requiring consumers to "opt in", most closely accords with consumer needs and wishes. Why should 9,997 persons be required to assert a right to receive information, when a very simple mechanism, a powerful mechanism, is in place to enable the 3 to relinquish that right?

Finally, it should be noted that in many European countries the success of self-regulatory programs within industry has been significantly impacted by the government's willingness to participate cooperatively in formulating such programs and codes of practice. In those countries which require or encourage industry to adopt codes of practice for submission to data protection authorities, the regulatory bodies have proved enormously helpful and cooperative in fulfilling an educational, facilitative and advisory role. This has greatly enhanced the operation of self-regulatory regimes. This has been especially true in the United Kingdom, France, and the Netherlands.

Reader's Digest is currently in dialogue with the Data Protection Commissioner in Hong Kong on the development of a Code of Practice and has had successful and useful experiences in this area in Canada, Australia, and New Zealand. If there is a model to be emulated, it is this model of involved and interested governmental authorities facilitating and assisting business in this important consumer protection area, rather than assuming an adversarial enforcement posture and providing business no assurance of a safe haven in its drawing up of Codes of Practice.

DATA PROTECTION AND SELF-REGULATION IN THE UK

The UK's Data Protection Act ("the 1984 Act"), implementing the Council of Europe's Convention 108 of 1981, was adopted in 1984. Well before this the UK's Advertising Association ("the AA") charged its Data Protection Committee with drafting a Code of Practice governing the use of personal data for advertising and direct marketing purposes. Section 36(4) of the 1984 Act places a duty on the Data Protection Registrar (the UK's data protection authority) to encourage, where appropriate, sectoral codes of practice, and the AA's Code was the first to be developed and welcomed by the Registrar.

The number of complaints received by the Registrar is a fair barometer of the successful operation of Codes. Initially, complaints relating to the direct marketing sector formed the single largest group (not surprisingly, as this sector accounts for by far the most visible use of personal data).

In successive years the Registrar has reported sharply declining figures for this sector. They now form a relatively minor part of the Registrar's post bag. Successive Registrars have attributed this improvement as due in large measure to effective self-regulation, of which a mailing preference service forms a substantial part.

In 1988, the industry wished the Code to have wider application, and it persuaded the Committee of Advertising Practice ("CAP") to agree to adapt the AA's Code. CAP is an industry body on which is represented all the major trade associations whose members are involved in consumer advertising, together with media and agencies, and which draws up the Codes administered by the Advertising Standards Authority ("the ASA").1 The ASA subsequently agreed to adjudicate complaints from consumers and businesses that data users had breached the Code, and CAP published an appropriate Code in December 1988 as Rules for Direct Marketing including List and Database Management. Despite reservations expressed by some members of the ASA's Council, few problems have arisen and an updated version of the rules now forms a section headed List and Database Practice within the current British Codes of Advertising and Sales Promotion, published by CAP in February 1995 (Annex #1). In the course of commenting upon this, the Registrar in his report to Parliament in 1994 wrote that

Over the years since the Data Protection Act came into force, the direct marketing industry has made significant changes to meet standards of practice.The result has been that complaints to my Office about direct marketing have largely faded away.

The operation of self-regulatory rules does involve anti-trust considerations. In the first instance all such sets of rules have to be submitted to the Director General of Fair Trading who determines whether they might operate against the public interest. In relation to such Codes, this has never proved a problem. In any event, the Director General is under a statutory duty (S 124(3) of the Fair Trading Act 1973) to encourage relevant associations to develop codes of practice "for guidance in safeguarding and promoting the interests of consumers in the United Kingdom."

List and database practice is particularly well suited to self-regulation. The practice is very much a "best endeavours" area, where name and address variations can generate problems. Self-regulation is much more flexible than the law, and issues arising out of new technologies can readily be accommodated. From the consumer's point of view, it is much less daunting than the law, is altogether speedy, and is virtually cost-free. While the law is frequently viewed as providing impediments to be circumvented by ingenuity, self-regulation emphasises the spirit as well as the letter of its rules. As these rules have been drawn up by their peers, practitioners are very much less likely to find ways around them.

There is a tendency to want the enforcing body to have a majority of non-industry members. From a public relations standpoint, this is understandable, but our experience on several self-regulatory bodies is that it is the industry members who are toughest on transgressions.

The ultimate sanction is the publication of an adverse adjudication, which may result in major companies declining to do business with businesses which bring the industry into disrepute.

If the UK did not have a Data Protection Act, industry would almost certainly incorporate in its rules a requirement to comply with the data protection principles in the Council of Europe's Convention 108, and now reflected in the European Union's Data Protection Directive. (The principles in the OECD Guidelines do not differ in substance from those in the Convention and the Directive.)

______________________________

ENDNOTES

1 The ASA has an independent Chairman (currently Lord Rodgers of Quarrybank), appointed by the industry body which collects a surcharge on advertisements to fund the self-regulatory system. The Chairman appoints all members of the Council of the Authority, which is required to have a majority of non-industry members.

It's hardly news that technology is changing the way companies do business and changing the way they collect and use information about customers. Used responsibly, that information can help serve customers better. But with advances in data processing come growing concerns--by customers and policy makers--about maintaining the privacy of individual customer information.

In 1994, charged with upholding the Company's century-old tradition of customer service and trust in an increasingly competitive and multi-player marketplace, the NYNEX Public Policy Council, a team of senior managers responsible for creating NYNEX public policy, addressed the issue of protecting individual customer information.

In 1995, the Council approved nine Privacy Principles which are applicable wherever there is individual subscription to, or use of, a NYNEX service, with the goal of protecting a customer's telecommunications-related personal information. All officers and department heads received the Principles and concomitant guidelines for use with stakeholders including regulators and legislators. Each NYNEX business unit was assigned the responsibility for implementing the Principles on an ongoing basis with customers according to its particular business and its customers' privacy expectations. Customer privacy was also included in employee training materials prepared and distributed to supervisors with the NYNEX Code of Business Conduct, and in early 1996 the Principles were communicated to all NYNEX employees.

The message of the Principles is straightforward: We expect our employees to protect the privacy of our customers and we encourage our partners and suppliers to do the same.

BACKGROUND: CREATING NYNEX PRIVACY PRINCIPLES

In April 1994, the NYNEX Public Policy Council1 considered its position on the use and disclosure of customer information2 in light of several business, and broader industry and regulatory developments. From the business perspective, NYNEX needed to preserve its long history of public trust while competing to maintain its existing customers and attract new ones in a multi-player local exchange market and in its other lines of business. From the regulatory and industry vantage point, the New York State Public Service Commission (PSC) had issued a "Revised Statement of Policy on Privacy in Telecommunications" and, in New York Telephone Company's Performance Regulation Plan, the Company had committed itself to abide by that Statement of Policy and to "continue to review new service offerings with its customers and staff for the purpose of identifying and resolving potential privacy concerns." Additionally, the Federal Communications Commission (FCC) and National Telecommunications and Information Administration (NTIA) had requested comments of industry participants on whether and how the federal government should revise current restrictions on the use of certain customer information. Also, Congress was considering legislation that would impose additional restrictions on the use of customer information, and the European Union was considering requiring express consent or an "opt in" by the consumer prior to information about the customer being disseminated to another entity.

In November 1994, the Council considered its most important stakeholder, that is, the customer. A recent Louis Harris poll3 showed that concerns about threats to personal privacy were growing--82% of the public was concerned in 1994, as opposed to 79% in 1990 and 64% in 1978. Seventy-eight percent of Americans felt that consumers had lost all control over how personal information about them was circulated and used by companies. Seventy-six percent believed that business organizations asked consumers for too much personal information.

On the other hand, half of the American public believed that businesses handling personal information were paying increasingly more attention to privacy policies. Nearly three-quarters of all Americans said they would rather see companies voluntarily provide privacy policies, rather than have the government enact regulations.

As part of the Harris poll, those surveyed heard a description of home interactive services, and the subscriber profiles that companies could compile about a customer's viewing and purchasing patterns. More than half indicated that they would be interested in having advertising presented to them based on their particular interests, as revealed by their subscriber profile. But, the majority (61%) were concerned about the privacy implications of having a subscriber profile created about them.

AN HISTORICAL PERSPECTIVE ­ BUILDING ON EXISTING CORNERSTONES

As noted above, in 1991 the New York PSC promulgated a "Revised Statement of Policy on Privacy in Telecommunications." The Statement included a set of eight "Privacy Principles." These Principles were not promulgated as binding formal regulations, but rather as guidelines that were intended to provide a framework for the Commission's consideration of privacy issues in future proceedings. New York Telephone Company has committed to abide by those Principles, and in particular their emphasis on reviewing the privacy implications of proposed new-service filings. These Principles helped forge the Council's thinking and state that:

Privacy should be recognized explicitly as an issue to be considered in introducing new telecommunications services.

The interest in an open network should be recognized in evaluating alternative means for protecting privacy.

Companies should educate their customers as to the implications for privacy of the services they offer.

People should be permitted to choose among various degrees of privacy protection, with respect to both the outflow of information about themselves and the receipt of incoming intrusions.

A telephone company offering a new service that compromised current privacy expectations would be obligated to offer a means of restoring the lost degree of privacy unless it showed good cause for not doing so.

Considerations of cost, public policy, economics, and technology all bear on the pricing of privacy features, which must be determined case-by-case.

Unless a customer grants informed consent, subscriber-specific information generated by the subscriber's use of a telecommunications service should be used only in connection with rendering or billing for that service or for other goods or services requested by the subscriber.

Privacy expectations may change over time, requiring, in some instances, changes in telecommunications services. At the same time, changes in telecommunications technology services and markets may lead to changes in customers' privacy expectations.

PRIVACY BENCHMARKING

Much good thinking was going on in public policy fora to increase awareness of safeguarding customer privacy, which was useful in formulating NYNEX's Principles. For example, the National Information Infrastructure (NII) Task Force's draft Principles stated that individuals were entitled to a reasonable expectation of information privacy and those using the NII should ensure that information was secure and that it was accurate and relevant for the purpose for which it was given. "Information collectors" should tell individuals why they were collecting information, what they expected it would be used for, what steps they would take to protect its confidentiality, and any rights of redress should the information be used improperly. Additionally, the NII Principles stated that "Information users" should assess the impact on personal privacy of current or planned activities, obtain and keep only information that could support current or planned activities, use the information only for those or compatible purposes, use appropriate controls to protect the confidentiality and integrity of personal information, provide individuals a reasonable means to obtain, review, and correct their own information, and allow individuals to limit the use of their personal information.

LOOKING TO INDUSTRY PARTNERS

NYNEX also examined how other businesses addressed the challenge of safeguarding customer information in a competitive market. American Express was the first company in its industry to offer customers the ability to "opt out" of the sale of their customer information. American Express advised companies to: Tell customers what information they collected and how it would be used; offer the customer some control over how the information would be used; assure the quality of the information collected; protect the data--with other companies, use salted lists and contractual provisions to assure that it was used correctly; internally, use passwords and other means to screen what employees could access; have an internal privacy policy; audit and monitor compliance and discipline violators; and use every opportunity to use technology to enhance privacy.

In the telecommunications industry, Pacific Bell and Bell Atlantic had released privacy principles. Pacific Bell's Customer Privacy Guidelines explained, "Ten Ways We Protect Your Private Information." Among the principles listed were that, whenever possible, Pacific gave customers choices about how to protect their privacy; that Pacific would not use customer information to market to customers if they asked Pacific not to; and that Pacific did not sell customer information unless it was already available to the public through a Pacific Bell directory or directory assistance.

Bell Atlantic had Residential Customer Information Privacy Principles and the Company pledged to provide information to non-Bell Atlantic entities only for business purposes such as billing, to prevent fraud, at the customer's request, and as required by law. Bell Atlantic allowed customers access to the information in their customer records, stating that its service representatives would answer any questions about the information, how it was used, and how to correct inaccuracies. Bell Atlantic stated that its principles would be reevaluated and revised as necessary in light of changing technologies and privacy expectations.

INCORPORATING INPUT AND TAKING ACTION

In developing means of protecting customer privacy, the NYNEX Public Policy Council agreed that a progressive policy that met the privacy expectations of customers would ultimately produce more robust opportunities to compete by offering innovative services to retain existing customers, and to attract new ones. In its deliberations, the members cited three primary goals that should determine NYNEX's policy on the use of customer information: (1) customer service expectations; (2) competitive equity, especially where a telephone company or other enterprise was the dominant provider; and (3) customer privacy expectations.

The Council directed a working group to draft NYNEX principles on the use of customer information. The members offered their view that the public's trust that NYNEX respects the confidentiality of customer information was one of the Company's most important assets and that NYNEX should commit to privacy principles which reinforce this trust. "If the Company must err toward too much or too little protection," they said, "it should err on the side of overprotecting customer information. NYNEX must not vitiate one of its strongest competitive advantages vis-à-vis other companies."

Finally, a distinction between short-term and long-term policy was drawn. In the short-term, NYNEX must act within the framework of a heavily-regulated environment and meet its customers' expectations of privacy. In the long-term, it was expected that NYNEX would be operating in a fiercely competitive environment with less regulation and would compete to offer an array of services to its customers. The issue was how best to preserve public trust without impairing its ability to serve customers more effectively in the long-term.

CLOSURE AND IMPLEMENTATION

In 1995, the Council approved nine Privacy Principles which are applicable wherever there is individual subscription to, or use of a NYNEX service, with the goal of protecting a customer's telecommunications-related personal information. Implementation of the Principles began with communication to NYNEX officers and department heads and was followed by dissemination throughout the organization as well as to regulatory and legislative stakeholders.

Communication with customers is always ongoing and takes place through customer service representatives, customer information brochures, consumer advisory councils, in NYNEX telephone directories and through direct mailings. Employees can contact a subject matter expert for customer privacy questions and also have access to an ethics hotline for privacy concerns they may have. The Privacy Principles have been incorporated into the NYNEX Code of Business Conduct and video and written training materials are available. Employee training is ongoing. Employees who fail to follow the Principles face disciplinary action, which can include dismissal.

Creating the NYNEX Privacy Principles was a process that necessarily took into account the Company's history of public confidence as well as an impending, dynamic, multi-player, competitive market for telecommunications services. The Principles will be reevaluated regularly to meet customer expectations for privacy and service, and in order to ensure compliance with applicable law.

Attached are three NYNEX privacy documents: Attachment 1 is part of a NYNEX newsletter article that communicates the NYNEX Privacy Principles to all employees--this attachment lists the NYNEX Privacy Principles with explanations; Attachment 2 is the remaining text of the NYNEX newsletter article that communicates the NYNEX Privacy Principles to all employees; and Attachment 3 is an excerpt from the NYNEX Code of Business Conduct on safeguarding customer privacy.

_________________________________

ENDNOTES

1 The activities and purpose of the NYNEX Public Policy Council which guided the development and the implementation of the Privacy Principles are as follows: Formed in 1993, the Public Policy Council (PPC) determines NYNEX's position and defines its actions on issues affecting the Corporation that will be resolved by external authorities, or which have a material public policy impact. In the last quarter of each year, the secretary of the PPC and his staff poll PPC members, officers and department heads, and subject matter experts for short-term and long-term issues that they recommend the PPC address in the following year. The PPC selects the highest priority issues for review in the coming year and the issues are adjusted during the year as circumstances warrant. The secretary of the PPC and his staff work with various NYNEX issue owners and departments to create issue papers which assess options and summarize policy recommendations. Issue papers are distributed to the PPC for review prior to each meeting. The Council meets each month to determine the Company's position on four to six issues. The Council communicates the decision to the issue owner, who in turn, initiates implementation or follow-up action, depending on the outcome. Decisions are also communicated through meeting minutes, officer reports, and quarterly reports, which are distributed to a broad base of employees. Recommendations often include the creation of an issue-specific communication plan to support implementation. A small PPC staff supports and tracks implementation by issue owners and departments.

2 Examples of customer information can include the customer's social security number, name and address, the customer's credit history, the numbers called by the customer, the pattern of phone calls made by the customer, and the telecommunications services ordered by the customer.

NYNEX limits the information it obtains about customers to what's needed in the normal course of providing service. And it follows stringent procedures for protecting customer information.

2) NYNEX informs customers how information it obtains about them is used, as well as their options regarding its use.

NYNEX will distribute a "Privacy Statement" to customers that describes the type of information a NYNEX business unit obtains about customers, how it's used, when it might be disclosed, the measures NYNEX employs to protect it and ways the customer can restrict the use or disclosure of that information.

3) NYNEX gives customers opportunities to control how and if it uses individual information about them to sell them NYNEX products and services.

Customers have a large measure of control over how NYNEX uses their individual information to market new products and services to them. While NYNEX does use customer information to promote products and services that particular customers may find useful, NYNEX won't call customers or send them direct mail for marketing purposes if they ask NYNEX not to.

4) NYNEX enables customers to control how and if it discloses individual information about them to other companies--except as required by law or to protect the safety of customers, employees or property.

Subject to legal and safety exceptions, NYNEX won't share individual information with unaffiliated companies, or with affiliates that haven't agreed to protect customer information--unless NYNEX either obtains customer consent or gives the customer an opportunity to "opt-out" (to choose not to have their information disclosed).

5) NYNEX strives to provide customers with access to information it has obtained about them and allows them to correct errors in that information.

It is NYNEX's responsibility to give customers access to the information it has about them. NYNEX uses sophisticated data processing technology to help ensure that the information is accurate.

6) NYNEX considers privacy when planning and introducing new services and informs customers of the privacy implications of these services.

NYNEX will investigate the privacy implications of new services, build safeguards into services before they're introduced and alert customers about the effect on privacy the new services might have.

NYNEX's Code of Business Conduct clearly states this policy: NYNEX must protect the privacy of all forms of customer communications--whether voice, data or image transmissions. Employees who fail to follow the principles will face disciplinary action, which can include dismissal. (See customer privacy excerpt from NYNEX's Code of Business Conduct in Attachment 3.)

8) NYNEX complies with all applicable privacy laws and regulations wherever it does business.

Customer and policy maker perceptions of privacy can change over time. That's why NYNEX will regularly examine--and update, if necessary--its privacy principles to ensure that they continue to reflect exacting standards for privacy protection.

9) Each NYNEX company is responsible for implementing these principles and informing customers about its privacy practices. NYNEX encourages companies related to, but not wholly owned by NYNEX, to adopt these principles.

Every NYNEX business unit will: evaluate their particular needs and determine how to best implement the principles; develop their own privacy policies and procedures based on the principles; inform their employees of the policies and train them in the proper procedures; and develop a customer statement informing customers how personal customer information is used and how they can control its use and disclosure. The Public Policy Council will ensure that business units comply with the principles.

ATTACHMENT 2

Communication of Privacy Principles to

NYNEX Employees

Company Newsletter

January 15, 1996

Rules Set To Protect Customers' Privacy

Responding to growing consumer interest in the privacy of customer information entrusted to businesses, the NYNEX Public Policy Council has established a set of nine "Privacy Principles" that define the corporation's commitment to protecting customer privacy.

The NYNEX Privacy Principles guide employees in handling customer data so that privacy won't be compromised--and they give customers choices and control over how NYNEX uses that information.

NYNEX business units currently are developing plans and procedures to implement the principles into their operations. These principles balance customer concerns about privacy with their interest in receiving good service and new products from NYNEX, according to Shelley Harms, executive director-Policy in NYNEX Government Affairs.

"At a time when new telecommunications technologies create new business opportunities for us, the personal information we obtain from customers can help us serve them better," said Harms. "But we have to use that information responsibly--and limit it to what's needed in the normal course of providing service."

The Privacy Principles are corporate policy that apply to all of NYNEX. "Each NYNEX business unit is responsible for executing the principles, adapting them for their own needs and communicating privacy procedures to their customers and employees," said Harms.

The principles may be implemented in different ways, depending on customer expectations. "Some customers are more concerned than others about the information we collect about them," explained Harms. "Residence phone customers may have different privacy expectations than, say, businesses that advertise in our Yellow Pages directories.

"Not only do we expect our employees to respect the privacy of our customers, but we'll also encourage our business partners and suppliers to do the same," she said.

The principles and key messages about privacy are being communicated to employees in a number of ways, including the revised NYNEX Code of Business Conduct and employee meetings to discuss the Code.

The principles will be strictly enforced, and violations will lead to disciplinary action, which can include dismissal.

Business units will prepare Privacy Statements for customers that describe the type of information they obtain about customers, how it's used, when it might be disclosed, the stringent measures NYNEX employs to protect it and ways the customer can restrict the use of that information.

"NYNEX provides services that reach deep into the personal and business lives of our customers--people who have come to trust us with their account, billing and communications records," says Harms. "We're working hard to uphold their trust."

An outside expert on privacy gives NYNEX's principles high marks. "I'm very impressed with the NYNEX principles--they are consumer friendly, clearly presented and will go a long way toward protecting customer privacy," said Dr. Alan Westin, publisher and editor of "Privacy & American Business." Westin monitors and reports on privacy programs in American businesses.

NYNEX incorporated its guidelines for safeguarding customer privacy into its Code of Business Conduct. Below is the excerpt from the Code pertaining to customer privacy.

ATTACHMENT 3

NYNEX Code of Business Conduct

Putting Values Into Action

Safeguarding Customer Privacy

NYNEX provides services that reach deep into the personal and business lives of our customers. Our customers have come to trust us with their account information, records and communications data. Maintaining the privacy of our customers is a serious responsibility. Therefore, we will only use the information we receive about our customers for NYNEX business purposes. We enable customers to control whether and how NYNEX discloses such information to any other company or entity except as required by law or to protect the safety of customers, employees or property. We also give customers opportunities to control whether and how NYNEX uses such information to market additional products and services to them.

Q: I am a customer sales representative. I know that I may not generally release customer information outside the company without obtaining prior authorization from the customer. A telecommunications vendor tells me that a customer has authorized her to obtain information from their telephone service record. May I provide this information?

A: It is common for customers to authorize a vendor to act on their behalf. However, before releasing the information, you should check the customer's record to be sure that the customer has authorized such release to the particular vendor. If there is no such authorization, you should refer the vendor to the customer to obtain written authorization.

In addition, we must protect the privacy of all forms of customer communications--whether voice, data or image transmissions. That means:

We will respect customer privacy, never tampering with or intruding upon any communication or transmission.

We will not listen to or monitor any conversation or transmission, nor will we divulge its existence or contents, except as required in the proper management of the business or as required by law.

We will not gain access to any customer account, records or reports except for authorized business purposes.

We will not gain access to our own customer records and reports, or those of other employees, family and friends, without prior approval by our supervisor.

We will not disclose any information about our customers' communications, transmissions or information processing arrangements, unless required to do so by law, or for the safety and protection of customers, employees or property. Nor may we disclose information concerning the issuance of a subpoena, warrant or court order for communications or records to customers or unauthorized employees. If such information is requested, the request should immediately be referred to the Security department.

At least one company, Dun & Bradstreet, does maintain significant data protection for the information it collects about business principals in its business reporting activities.1

INTRODUCTION AND OVERVIEW OF THE DUN & BRADSTREET CORPORATION

The underlying philosophy of The Dun & Bradstreet Corporation, "Man's Trust in Man," is at the heart of the company's activities, especially in its handling of information. A statue bearing the quotation sits in the lobby of the company's headquarters, underscoring a principle of its founding in 1841--created for the purpose of providing accurate, impartial and trusted information about businesses to facilitate commerce. While the companies of the corporation include Dun & Bradstreet, Moody's Investors Service and Reuben H. Donnelley, the focus of this paper will be Dun & Bradstreet.

Dun & Bradstreet collects information on over 40 million business establishments from 217 countries, investing $360 million annually in these data collection activities. Up to 1,500 data items are collected on each business, drawn from sources ranging from the owners or principals of the business itself to public records.

Attachment 1 contains the company's Business Information Report product, which provides an example of the business data collected. While all are business-related, some are specifically identifiable to the individual owners or principals of the business entity. Data that are business-related, such as those collected by Dun & Bradstreet, are limited to information about the business principals deemed relevant and necessary for business credit decisions. Such business uses represent non-personal interests, pertaining to a business enterprise for business-to-business commerce decisions, not the individual personally.

The distinction between personally identifiable information that is of a business nature and information that is of a consumer or personal nature is a meaningful one, as data protection issues are directed typically to the latter. Such data include personally identifiable information about individuals in their personal capacity as opposed to business capacity, if any. Despite the absence of an omnibus regulatory regime in the United States, Dun & Bradstreet is, nonetheless, comprehensive in the application of data protection practices, as noted by the authors quoted in the opening of this paper.

CORE ISSUES FOR SELF-IMPOSED ACTION

Dun & Bradstreet has offices in 37 countries, of which 26 have some level of existing national data protection laws, enacted for the purpose of providing guidelines on the collection, processing and dissemination of information about individuals (see Table 1).The presence of these laws, however, is not the principal reason why Dun & Bradstreet applies data protection practices proactively in all its countries of operations, including the United States.

National laws, while specific in their direction, are not the bases for action. Rather, the bases for action are the benefits to the company, to the businesses it serves and to the individuals upon whom we depend upon for the provision of information.

EXAMPLES OF DUN & BRADSTREET'S

DATA PROTECTION PRACTICES

Through detailed written documents, comprehensive employee training and careful auditing, Dun & Bradstreet aggressively promotes data protection practices throughout its business activities. The commitment carries to shareholders, who see the company's general statement on data privacy in the annual report.

The following highlight several more visible practices in the context of traditional data protection instruments, such as the European Union Data Protection Directive adopted October 1995.

Dissemination Controls

Controlling access benefits Dun & Bradstreet, as a provider of information, and the data subject at issue. Controls are applied over those D&B employees, and within a customer site, who may have access to certain data systems. And, restrictions are imposed on the uses of the attendant data, discussed later in Section III.D.

Dun & Bradstreet protects the confidentiality of the data it collects through strict contractual processes that stipulate valid/authorized uses of the data supplied to users. For example, the company does not provide reports or information to third-parties without a contractual relationship. The standard contract binds customers to relevant US and foreign laws by specifically stating: "Customer agrees to comply with any applicable requirements imposed by US or foreign law, or, if unable to comply, to refuse the Information, Software or other service subject to the foreign law."

Data quality

Data quality is at the heart and soul of any successful information company. Insuring that data are as up-to-date and accurate as practicable benefits the data subject and Dun & Bradstreet. Exhaustive measures are applied to this goal where, in the US alone, there are over 17 million direct business contacts per year, including in-person, telephone and mail interviews that generate 670,000 updates per day.

A Dun & Bradstreet quality review program, as one example, is maintained in the local office where data about a business entity are first collected. Applying this measure at the point of data collection engineers quality into the collection process. The approach is superior to addressing quality exclusively at the end of a process (traditional quality control), whereby more errors can enter a system and, potentially, increase the errors being communicated externally.

Purpose and Notification

The purposes associated with the data Dun & Bradstreet collects bridge to an earlier stated mission--providing accurate, impartial and trusted information about businesses to facilitate commerce. To that end, careful attention is paid to insuring clarity for data providers and employees.

The most "personally identifiable" data captured and reported by Dun & Bradstreet are antecedent information about the principals or owners of a business entity. The stated purposes behind capturing this information, as an example, are that it gives trading partners a sense of who is responsible for the decisions that drive that business, provides the business qualifications of the managers and serves as a resource to assess the likelihood of the business' success. First and foremost, the owners or officers of a company are approached as the best source of such information and, therefore, are immediately aware of its existence.

Notification of the existence of or change in information about a business is addressed proactively elsewhere in Dun & Bradstreet's practices. For example, each time a business report undergoes a full revision, a post card notification is sent to the primary contact at the business entity, alerting him or her to the update and providing a toll-free number to contact to receive a complimentary copy of their Business Information Report.

Rights of Data Subjects--Access, Correction

and Limiting Uses

Dun & Bradstreet provides data subjects specific rights to insure that data are reported fairly, objectively, accurately and completely. Failure to empower a data subject will, in the long-run, temper that individual's or organization's willingness to volunteer information, thereby compromising the completeness of the data sought. Our goal is to have the best data possible for our customers, which is feasible only if data providers support that goal.

We provide a business entity access to the information we capture about it, procedures for initiating a correction process for errors and the ability to limit uses of certain data. For example, when the business owner or principal contacts Dun & Bradstreet with information about a potential error, we "act promptly to correct errors or misleading information, whenever we learn of it."3 Depending upon the matter raised by the business management, a "Stop Distribution" can be applied to the relevant business report until resolved.

Dun & Bradstreet's dedication to reporting facts accurately and fairly necessitate having no hesitation in stopping the distribution of a report and issuing a correction notice. When it is brought to our attention that information issued in a report is erroneous or is asserted to be erroneous, we not only seek to stop the distribution of the report in question, but also the distribution of ancillary products affected by the error. A correction notice is sent to those known to have received the erroneous data. A detailed control sheet for managing corrections contains over 30 steps, each dated, to address distribution stoppage, corrective action, report/product revision and correction notices.

Access to Dun & Bradstreet information is restricted or restrictable from several vantage points. Two examples include restrictions we apply unilaterally and restriction options we make available to data subjects (the business entities). Uses prohibited unilaterally are those uses that conflict with the stated purpose for which information is collected.

Concurrently, a business may have its information removed from business marketing lists published by Dun & Bradstreet. The "de-listing" can be requested orally or in writing by an authorized representative of the business, resulting in its removal from marketing directories, publications and/or mailing lists. Every effort is made to discuss the de-listing process with the business to both understand the reason for their request and to insure that the request may not be misdirected (e.g., business principal, receiving direct marketing material, was selected from a list not belonging directly or indirectly to Dun & Bradstreet).

Documentation and Training

Internally developed documents span volumes exceeding 1,000 pages total and address over 1,000 instruction sets on more than 350 topics, including guidelines for data collection, accuracy, quality control, updating, notification, disclosure and more. Examples of the relevant reference material include:

The Manual and Guide for Dun & Bradstreet Analysts;

Keys to Basic Business Reporting;

Accuracy in Reporting;

Reporting General Instructions;

National Reporting Training Publication;

Manager's Source Book of Policies and Procedures; and

Information Policy Manual.

These documents detail the policies and procedures associated with data collection, quality reviews, responding to inquiries, handling complaints, reporting changes/updates, correcting erroneous files internally and those delivered by third-parties, and excluding certain data. A relevant leading statement in one of the training documents reads "there is a vital need to respect individuals' rights of privacy," and "[employees] will not discuss Business Information Reports or the contents of Business Information Reports with non-business associates or friends."

Five groups of "data handlers" are educated on aspects of the above points--people who provide data, employees in the field who collect data, employees in the operations centers that process and store data, employees who deal with customers, and customers/users of D&B's business data.

The successful training of employees depends upon starting with a core skill set and applying a certification process. The company balances the two issues of experience level and existing training of the employee with the type of report or data for which he or she is responsible. For example, the front-line data collectors--business analysts--are responsible for gathering facts about a business, understanding and properly weighing the significance of those facts and preparing the initial report or updating an existing one about a business. These data collectors typically possess a degree in accounting or finance, and have relevant skills and experience to perform their duties successfully. Within their first-year, the training includes a curriculum of over 70 formal courses, tiered into two phases, which conclude with formal certifications. For other employees, such as support personnel or individuals in tele-centers, the training is tailored to their duties and experiences.

Assignment of Functional Responsibility

Relevant functional responsibility exists in all aspects of Dun & Bradstreet's data collection, processing and dissemination activities. For example, within the General Counsel's office is a designated lawyer with global responsibility for the company's data protection policies. This individual's working knowledge of the business, and of data protection and its importance, are reflected in a broad array of publications, including numerous US and international law journals.

Operationally, each issue covered above is overseen by a senior manager and field team, with audit tools to insure full compliance with the practices.

OPTIONS FOR DATA PROTECTION PRACTICES AND RATIONALE FOR D&B'S APPROACH

Dun & Bradstreet's data protection practices in the US long predate the European Union Data Protection Directive. These practices, as noted previously, exist because "it is good business." We continually evaluate existing and proposed instruments around the world--those from the countries in which we operate and elsewhere. The complexity of the data we collect, the stated purposes for which they are collected and made available, the existing federal and state laws of the US, the expectations and needs of the US business community and economy, and the resources necessary to fulfill a role first established 155 years ago have been well served by comprehensive self-regulation.

Dun & Bradstreet's practices, much as the authors of the EU Directive sought, attempt to draw together provisions that strike a desirable balance between the interests of data subjects and the information needs of society. The data subject here is a business and its owners or principals, and the information user is the business' trading partner.

While reasons of confidentiality preclude discussion of the actual cost-benefit analyses associated with the practices chosen, some of the attendant qualitative reasons are noteworthy:

Strict controls over the access and dissemination of data increase the ability to protect intellectual property rights.

Disclosing to data subjects and other providers of information the purpose for which data are collected maximizes their willingness to provide such data. The cooperation increases data coverage, accuracy and completeness.

Insuring employees are knowledgeable about and accountable to strict confidentiality standards maintain the integrity of the systems and trust by data subjects.

SUMMARY AND CONCLUSIONS

Are data protection practices good for individuals? Yes.

Are they good for business? Yes.

The data protection practices applied by Dun & Bradstreet on a self-regulatory basis closely parallel the measures sought by national instruments. They address dissemination controls; data accuracy, currency and relevance; notification to data subjects; data subject rights for access, correction and distribution restrictions; training; documentation; management responsibility; and employee accountability. The company benefits enormously from these measures as they facilitate the most complete data possible, superior data accuracy and trusted business relations.

We believe it is the private sector's responsibility to take a leadership role in the application of data protection practices and to work with the government in developing solutions that serve the needs of the United States and its trading partners.

2 While the United States does not have an omnibus data protection law, it does have a broad portfolio of sectoral laws, including the Fair Credit Reporting Act 15 U.S.C. §1681, which applies to reports on consumers, not reports on businesses such as those produced by Dun & Bradstreet.

3 This quotation and other similarly noted quotations are taken directly from company documentation referenced in the section entitled: "Documentation and Training."

The Direct Marketing Association (DMA), the largest trade association for businesses interested in direct marketing and database marketing, is pleased to participate in the National Information and Telecommunications Administration's ongoing effort to study consumer privacy issues in the online world.

The DMA represents more than 3,000 United States corporations as well as 600 corporations from 47 other countries. DMA members use all media to reach their customers and prospects-- mail, telephone, direct response TV, radio, home shopping networks, as well as cyberspace. As a long-time champion of consumer choice and a leading advocate of self-regulation and peer regulation, the DMA continues to examine how best to ensure that consumers in the online environment are afforded opportunities both to learn about products and services of interest to them and to express their preferences regarding marketers' collection, use, or dissemination of information about them.

After brief discussions of consumer endorsement of direct marketing and its important role in the national economy, and the DMA's approach to empowering consumers in traditional media, this paper reviews the use of self-regulation and technology to protect consumer privacy in the National Information Infrastructure (NII). It demonstrates that industry guidelines, coupled with applications of new consumer choice technologies, ensure a self-regulatory regime that is flexible and second to none in protecting consumer privacy in a global medium.

THE CONSUMERS' EMBRACE OF DIRECT RESPONSE MARKETING

More than 68 percent of all American adults depend on the convenience and reliability that shopping from home offers, according to data from Simmons Market Research Bureau. A three-year study conducted by The WEFA Group found that direct marketing in the United States now generates more than $1 trillion per year in sales. The study found that in 1996 American consumers purchased nearly $635 billion in goods and services, and American businesses purchased another $543 billion in goods and services, via direct response (all media). Compound annual growth is forecast to exceed seven percent for consumer direct marketing sales and 10 percent for business-to-business direct marketing sales through 2001. The study also found that nearly 50 separate industries substantially rely on direct marketing techniques. These include the publishing, financial services, retail, catalog, high tech, and transportation industries, among others--as well as non-profit groups, charitable organizations, and political parties.

According to a Gallup study of marketing executives released in April 1996, 77 percent of United States companies use direct mail marketing to some extent. DMA's members, in fact, include some of the most well-respected names in business today, including LL Bean, JC Penney, Time, American Express, Columbia House, Doubleday Books, IBM, MCI and AT&T as well as new media companies such as America Online, CompuServe, Prodigy and Microsoft.

In addition, businesses using direct marketing techniques are creating jobs in our economy. The WEFA Group study found that, in 1995, more than 20 million workers were employed throughout the U.S. as a result of direct marketing activities--to both consumers and business-to-business. Forecasts for the year 2000 project that the growth in direct marketing sales and employment will outpace the growth in the U.S. economy overall, as consumers and businesses rely more heavily on direct marketing to meet their shopping needs.

The growth of direct marketing confirms consumer endorsement of direct marketing as a widely accepted and trusted method of conducting business.

DMA'S EFFORTS TO EMPOWER CONSUMERS PRIOR TO THE NII

The economic contributions of this business would not be possible without its history of leadership in developing self-regulatory principles, peer regulation programs, and consumer and business educational materials and initiatives. And certainly the future of this business and its foray into new media rests on the same commitment to self-regulatory principles that has brought direct marketing its success both here at home and, increasingly, as its practice is successfully exported globally.

Over the years, DMA has initiated an array of consumer protection and education programs. Moreover, DMA has enjoyed excellent cooperative relationships with consumer organizations, legislators, as well as regulatory and law enforcement agencies at all levels of government.

Handling Consumer Complaints: Guidelinesand Peer Review

DMA initiated its self-regulatory programs for ethical business practice in 1960. The ongoing development and implementation of these programs is guided principally by two bodies comprised of a diverse representation of DMA membership.

DMA's Ethics Policy Committee oversees development of and revisions to guidelines. DMA's Committee on Ethical Business Practice, a peer review program, responds to cases of alleged guideline violations brought to its attention by an array of sources--business, consumers, public officials, and the media. This peer-review process is effective. Most cases are resolved through cooperation with the Committee and its recommendations. Members that do not resolve complaints cooperatively are subject to review by the DMA Board of Directors and suspension or revocation of membership. In the rare instances where violations of law are suspected, the Committee refers matters to the appropriate law enforcement agency. Both committees continuously revisit DMA's long-standing Guidelines for Ethical Business Practice to ensure that they remain in step with advances in data use and management, technology, current business practices, and consumer opinion.

DMA guidelines concerning personal information protection advocate consumer choice by giving them both information about the collection of data and the opportunity to opt out of the marketing process.

During the late 1980s, when the widespread accessibility of direct marketing computer technology by organizations of all sizes sparked increased interest in direct marketing among businesses and consumers, the DMA examined the privacy implications of a host of new direct marketing applications.

A Privacy Task Force was formed in 1989. One of the products of DMA's Privacy Task Force is the DMA Fair Information Practices Manual. This step-by-step "how to" manual is designed to assist businesses in developing and implementing companies' policies and procedures on the use of information that will create a fair information culture for organizations. DMA's manual has been extremely well received and, to date, has been distributed in 25 countries.

Consumer Choice: MPS and TPS

The DMA established the Mail Preference Service in 1971, a service offered free of charge, to give consumers the ability to remove their names from the lists of many major marketers, substantially reducing their national advertising mail. A similar service established in 1985, the Telephone Preference Service, reduces the number of telephone marketing calls consumers receive at home. MPS and TPS currently provide a name-removal option to 2.9 million and 850,000 Americans, respectively. And in 1994, a global convention of Mailing Preference Services was signed by the DMA and the DMAs of various other countries to provide for the exchange and extension of MPS service in international, cross-border marketing efforts.

Consumer Education

The DMA ensures that both MPS and TPS are regularly promoted in broadcast and print media nationwide. Action Line Reports, which are issued to more than 700 consumer reporters from broadcast and print media, as well as state and national consumer protection officials, feature information on the services several times a year. Information on the services is also made available through media interviews and press inquiries (an average of 4,000 yearly), and in feature articles in leading publications. Many magazines and municipalities carry MPS consumer response coupons which are mailed to DMA for processing. In addition, DMA's Ethics and Consumer Affairs Department provides further information about the services to federal, state, and local consumer affairs and regulatory agencies across the country.

The DMA also sponsors several consumer brochures, including some produced in cooperation with the Federal Trade Commission and the United States Postal Inspection Service respectively. "Direct Marketing: Opening the Door to Opportunity," for example, explains how consumer data is used for marketing purposes. This booklet also provides consumers with advice on how to control their mail volume.

Dialogues With Consumer Leaders

The Dialogue on Direct Marketing Series are meetings held twice a year in various parts of the country between direct marketing professionals and consumer affairs and regulatory officials from such organizations as the National Association of Consumer Agency Administrators, Better Business Bureaus, United States Postal Inspection Service, Federal Trade Commission, United States Office of Consumer Affairs, and National Association of Attorneys General. Initiated in 1985, the meetings provide exceptional opportunities for the participants to discuss issues of mutual concern, and to work together to provide a positive environment that serves both the consumer and the marketer. The Dialogues also open new avenues for the dissemination of consumer educational material on important issues, including fair information practices. Many of the concerns expressed by consumer representatives have formed the basis of member educational initiatives.

EMPOWERING CONSUMERS ON THE NII

1996 Activities

Interpreting Existing Principles for the Online Medium: The Joint DMA-ISA Online Privacy Principles. During 1996, the DMA dedicated substantial resources to researching, learning, and determining how to address the special issues raised concerning consumer protections and privacy in the new media and to lead the development of a self-regulatory platform. For example, the DMA held frequent meetings during Spring 1996 with the Interactive Services Association (ISA) to develop joint principles that would meet consumer privacy concerns while enabling our respective members to test and use emerging new media to determine its value in reaching current and future customers. We also met with other important groups as well, including The Council of Better Business Bureaus (CBBB), the Association of National Advertisers (ANA), the American Association of Advertising Agencies (AAAA), and the American Advertising Federation (AAF), among others, to stay abreast of online marketing trends and concerns. The outcome of DMA's meetings with ISA was principles or statements on: (i) the appropriate notice and opt-out to consumers in an interactive environment; (ii) marketing via unsolicited e-mail; and (iii) marketing to children. The DMA has used these self-regulatory principles as the framework for additional guidance to its members.

Core Concepts: Notice and Consumer Choice. At the heart of the Joint DMA-ISA Online Privacy Principles are the twin principles of notice and consumer choice. They reflect the core principles that the NTIA in its October 1995 Privacy Report urged telecommunications service providers to adopt to protect consumer privacy: "provider notice and customer consent." NTIA's notion of "consent" resembles DMA's notion of "consumer choice." As NTIA described it at page 9 of its Report: "Affirmative consent would be required with respect to sensitive personal information. Tacit customer consent would be sufficient to authorize the use of all other information."

Statement on Online Notice and Opt-Out. The DMA's Online Notice and Opt-Out Principle urges all marketers operating an online site to make available their information practices in an online statement that is easy to find, easy to read, and easy to understand. When such a notice is made available to the consumer shortly after entering a site, those consumers with privacy concerns can choose not to receive these messages and not to do business with a site proprietor that has a policy that they find unacceptable.

The DMA has created its own privacy notice on the DMA Web site (http://www.the-dma.org).

Principles for Unsolicited Marketing E-Mail. Just as with traditional media, some users of the Internet are skeptical about unsolicited e-mail marketing. However, DMA believes that consumer attitudes toward marketing online are changing, as millions of new, average Americans log on and explore. It is within this changing environment that some marketers are seeking to test and use unsolicited e-mail as a commercial medium to disseminate marketing material.

DMA recognizes that there are unique sensitivities to marketing online in that consumers incur costs when they receive e-mail. As a result, we have sought to develop principles to allow for responsible use of the new media by marketers as long as they exercise responsibility and are responsive to consumers. That is, by sending e-mail to those consumers who appreciate the process, and, at the same time, assuring consumers on an individual basis the capability to control and limit unsolicited e-mail, we believe the proper balance between technological, marketplace and legal interests will be struck.

The jointly developed DMA/ISA principles on unsolicited marketing e-mail acknowledge the authority of a forum manager to establish the rules for his or her forum, encourage marketers to follow those rules, and give consumers who care to do so the ability to opt out of receiving unwanted solicitations.

Statement on Children's Marketing Issues. For decades, the business community has developed responsible practices for marketing to children using traditional media. Publishers, social organizations, academic institutions, product manufacturers, media and amusement companies for decades have depended on household information regarding families, parents and children to bring valuable products, services and offers into the lives of families. While the online market for children may be relatively small today, advertising support and sponsorship of social, cultural and educational benefits make the Internet a potential win-win for families and for businesses alike.

The DMA believes that the community at large--businesses, academia, consumer and child advocates and other responsible citizen stakeholders, as well as the government--have a shared responsibility to look after our children in a manner that will build and sustain an online community that nurtures children, encourages the use of developing technology in their interest, and provides an opportunity to educate parents to teach their children online safety and responsibility in the consumer online marketplace. To this end, the DMA is striving to maintain the appropriate oversight of a child's online experience by (1) developing guidelines for marketers; (2) working with available technology that allows parents to make decisions about what information their child transmits, and what a child has online access to, while continuing to enhance children's online experience; and (3) educating consumers and businesses about protecting privacy in the online environment. The DMA believes that privacy protection can be achieved by the development and implementation of appropriate guidelines and the dissemination of information to parents regarding technology options to oversee or define their child's online experience and the development of partnerships to educate the public.

The jointly developed statement on online marketing to children advocates that marketers take into account the age and maturity of their intended audience in making decisions about collecting data from or communicating with children, support the ability of parents to limit the collection of such data for marketing purposes, and advocate a special sensitivity to parents' concerns about the collection of children's names, addresses, or other similar information. The statement also opposes using marketing data collected from children for non-marketing purposes, e.g., individual look- ups, for government use, or for any purpose other than marketing and marketing research.

Helping Parents Protect Their Children Online: DMA's Parents' Page on the Web. As noted above, there are important roles for technology and consumer education, as well as industry guidelines. To lend our support to both the major role that parents should have in monitoring their children's online experience and the success of technologies that enable parents to do so, we have posted on DMA's Web site a listing of and hyperlinks to software packages we are aware of that assist parents in monitoring and controlling the behavior of their children online.

Assisting Marketers Disclose Their Privacy Policies to Consumers: Customizing Web Notices. The DMA is developing a "how to" package, accessible online, that will enable marketers in a few easy steps to create accurate and effective consumer privacy policy notices for their Web sites. In responding to questions in the package's questionnaire about their site's information practices and capabilities (such as what information is collected, how it is used, and how visitors to the site can opt out from some of these uses) marketers are able to create their own privacy policy statements for online consumers. This package, which can be downloaded, can be reached on the DMA Web site (http://www.the-dma.org) beginning January 1997.

Resources to Help Marketers Meet Consumer Expectations: Privacy Action Now. At its October 1996 annual conference, the DMA distributed a Privacy Action Now kit that educates its members about the importance of consumer privacy issues and what they can do now in their business operations to protect consumer privacy, and lists privacy-related resources they should obtain and read.

Activities for 1997 and Beyond

Wider Implementation of Principles. The DMA undoubtedly will continue taking steps to disseminate its principles--both in traditional and online media--widely, and to educate consumers and industry participants about them.

Actively involving parents. The DMA is developing interactive activities for parents that will assist them in sharing their children's online experiences while learning about primary issues and making decisions about what information the children may transmit and what they have online access to. For example, it will set out an activity in which parent and child together test their knowledge of the ability of others to collect information about them, and another to help them develop family Internet rules for such online interactions. We expect that this will be ready for release by February 1, 1997.

Educating industry members. Through newsletters, educational programming at DMA conferences, and coordination with related trade organizations, the DMA will continue to ensure that its members are well informed about the latest issues and developments regarding consumer privacy in the online environment.

Increasing compliance. The DMA will be taking steps to make the operation of its ethics committees more visible to industry and consumers alike. For example, the DMA plans on releasing on a periodic basis summaries of the Ethical Business Practice Committee's deliberations, and actions taken against companies not complying with its ethical guidelines.

"Handshake" Technology. DMA has long been interested in harnessing technologies that can provide consumers with certain privacy protections on the World Wide Web. Current technological efforts, however, have focused on protecting against the receipt of obscene content, not on information collection. The two principal approaches that have emerged are filtering and rating. While they may be appropriate in the context of nudity, violence, or profanity, the DMA seeks a third approach to protecting consumer privacy that does not rely totally on blocking access to sites. We call this "handshake" technology.

This approach for protecting privacy has several characteristics. First, similar to the ratings approach, it would require Webmasters to classify the information practices of their sites, enable consumers to "set" their privacy preferences, and compare the site's classification with the consumer's preference. For example, a consumer might wish to set her preferences so that, when visiting Web sites that collect identifiable information from visitors, the site enables her to limit the purposes for which it uses the data. Software would then compare a consumer's preferences to a particular Web site's information practices before allowing the site to be viewed. If the preferences and practices matched, then there would be a "handshake" permitting the consumer automatic access to the site.

Second, unlike the ratings approach, the software would not automatically block access to sites that do not match a consumer's preference. For example, a consumer who typed the URL for the National Air and Space Museum's home page would not be blocked from accessing the site if its information practices do not match the consumer's privacy preferences. Rather, the consumer would be informed of the reason for the mismatch and, if he wished to proceed to the site despite the mismatch, could do so by clicking his mouse. His access to the site would be blocked only if after this "dialogue" he declined the opportunity to override his preferences.

The DMA has joined the effort to explore the feasibility of developing a universal vocabulary to allow this sort of consumer choice, and will work with the World Wide Web Consortium to develop technological support for this consumer decision-making capability.

Global Efforts

Coordination with DMAs of other countries. Recognizing the global nature of the industry and of the media by which they communicate with consumers, 23 direct marketing trade associations from five continents signed an agreement in October 1996 that will establish an International Federation of Direct Marketing Associations (IFDMA). The signatories to the agreement have agreed to advance and adhere to a set of professional education, ethics and self-regulation, public relations, and consumer education practices. Participants have agreed to establish self-regulatory principles for best practices for online marketing, building on earlier agreements for recognizing and facilitating consumers' mail and telephone preferences. The IFDMA establishes the framework for cooperative advancement of common principles across the globe in 1997 and beyond.

E-Mail Preference Service. The DMA is studying the feasibility of developing an E-Mail Preference Service (E-MPS) that would enable consumers to reduce the amount of unsolicited commercial e-mail. Information responses to the DMA's Request for Information, which was issued on December 16, 1996, will help the DMA determine whether to request proposals for the development of such a service in 1997. It is anticipated that there will be both a global E-MPS Web site and national E-MPS Web sites. The global E-MPS Home Page will have language options and point to the national E-MPS Home Pages where registration will take place. A copy of the Request for Information may be obtained by contacting Patricia Faley.

Bell Atlantic believes that the adoption of voluntary privacy principles, developed in a broadbased forum with representation from government, business, and consumers, is the best means of addressing privacy in a rapidly changing communications environment. Legitimate public and customer interests will cause responsible firms to follow such principles with no need for external mandates.

Self-regulation is particularly important in the formative stages of new information products and services. Services that are under development or are in the conceptual stage may significantly change traditional concepts of what is or is not private and how that privacy should be protected. Mandated, inflexible privacy regulations could interfere with the invention of creative new services to the detriment of all information users-- government, business, and individuals.

Bell Atlantic has lengthy experience in protecting the privacy of our customers' communications and information and has done so through our internal policies and practices. The company provides only the names, addresses and telephone numbers which appear in our telephone directories to third parties with the exception of information provided to other carriers to support the billing and collection, fraud prevention and call completion activities necessary to providing services to customers.

All Bell Atlantic employees are briefed annually on corporate privacy rules, including the need to honor customer privacy requests. They are told that failure to obey these rules may subject them to disciplinary action, up to and including dismissal. Physical security (e.g., locks on doors, card access), terminal access controls (sign-on procedures, passwords) and internal auditing functions are used to prevent and detect unauthorized access to databases and other communications facilities. Bell Atlantic continually reviews its privacy rules to ensure that they remain appropriate in the ever-changing environment.

Bell Atlantic is firmly committed to ensuring that the impact of new technologies on individual privacy is thoroughly evaluated and, as necessary, appropriate safeguards are adopted. We believe that voluntary adoption of fair information principles, not new regulations or laws, is the best means to address technology's impact on privacy.

INTRODUCTION

Over the past few decades, advances in communications and information technologies have created a variety of new and exciting products and services. Technology has simplified the creation, management and exchange of information. However, as the use of new telecommunications and information systems has become more commonplace, public debate about the potential impact on individual privacy has heightened.

Issues surrounding the collection and use of information have emerged across a wide range of industries and apply to any entity with whom customers share information. Such diverse organizations as the United States Postal Service, state departments of motor vehicles, insurance companies, video rental stores, credit card companies, and grocery stores maintain a variety of personal information about individual consumers. Although these areas are diverse, debate has centered around common themes of limiting collection and use of information about individuals, and safeguarding information from improper disclosure.

Many say that the increased focus on privacy is a result of the tremendous growth of communications and information systems technologies. Just a few years ago, only a small number of people imagined that the number of Internet users would grow so quickly, as would access to on-line services and the use of home and school computers. Personal communications services, interactive multimedia and other Information Age services are expected to become as commonplace in the near future.

Emerging Information Age products and services are expected to have even more significant benefits. However, according to recent national public opinion surveys, as technology has simplified the creation, management and exchange of information, people have become increasingly more concerned about the ways in which information about them is handled. Customers will be hesitant to embrace new Information Age services unless they can be assured that their information will be free from unauthorized access. More than ever, companies have to pay particular attention to information security as they develop new services.

DEVELOPMENT OF PRIVACY PRINCIPLES

Bell Atlantic has long taken seriously our responsibility to keep customer information confidential and free from unauthorized disclosure or access and considers privacy issues when new products or services are developed. Over the years, privacy issues have been intertwined with numerous communications issues, including privacy of customer conversations, wiretapping, and non-published numbers.

New telecommunications services have also impacted users' expectations of privacy. As an example, Caller ID (CID), a service first offered by Bell Atlantic, has been the focus of privacy debates since its introduction. Proponents of the service maintain that it safeguards the privacy and security of the person receiving the call by allowing the identification of the calling party prior to answering the phone. They also assert that it has been a tremendous deterrent to annoying and harassing calls. CID has been compared to a peephole in a door through which a person can see visitors prior to deciding whether or not to allow them into their home. Opponents, however, feel that CID violates the privacy rights of the caller and have argued for either per call blocking or per line blocking so the caller can remain anonymous. In managing the various privacy issues, Bell Atlantic has sought and will continue to seek a balance of customer privacy expectations with reasonable, legitimate business needs for information.

More recently in 1994, after recognizing the considerable public debates over privacy issues, Bell Atlantic decided to formalize its privacy principles by developing and adopting corporate-wide consumer information privacy principles. To that end, Bell Atlantic retained Alan F. Westin and Robert R. Belair, who are recognized leaders in the privacy arena. Bell Atlantic's staff, working with these consultants, undertook the following activities:

Received initial briefings from, and were given extensive documentary materials by, Bell Atlantic business units;

Held meetings with representatives from each of the Bell Atlantic lines of business concerned with, or using, consumer information;

Reviewed existing state and federal laws and regulations relating to telecommunications privacy, identified proposed federal and state privacy measures and reviewed privacy positions relating to Bell Atlantic and other telecommunications providers adopted by major consumer and privacy advocacy groups; and

Compared Bell Atlantic's existing privacy and information procedures with privacy principles and codes issued by other telecommunications companies and by firms in other industries handling personal consumer information.

Also in 1994, Bell Atlantic joined US West and Citicorp in commissioning Louis Harris and Associates and Dr. Westin to conduct a national survey of consumer attitudes and privacy expectations with regard to the emerging world of interactive services. This was seen as an important area to address in the early stages of Bell Atlantic's assessment on how to participate in this environment. Respondents were asked their opinions about general privacy issues, including their control of personal information, their attention to privacy principles, and the role of government versus industry in the development of privacy principles. In addition, the survey addressed attitudes about specific areas related to interactive services, including the use of subscriber profiling to target advertising, the ability to opt-out, and the use of personal identification numbers to control the flow of information. The privacy concerns expressed in this survey were addressed in the development of Bell Atlantic's privacy principles.

Drafts of the privacy principles were circulated to staff groups in each line of business to review, leading to the adoption of these principles by senior management in the spring of 1994. Bell Atlantic announced the adoption of these principles at the First Annual Conference sponsored by Privacy and American Business in the fall of 1994. In recognition of its commitment to the development of voluntary policies by industry leaders in diverse industries, Bell Atlantic sponsored the publication of a handbook of company privacy codes which was handed out at the conference. A copy of the Bell Atlantic Consumer Information Privacy Principles appears at the end of this paper.

Bell Atlantic's privacy principles recognize that the company is an "information partnership" with its customers to assure the appropriate and positive use of individual customer information. Under the principles, Bell Atlantic promises to collect and use only customer information that is relevant to Bell Atlantic's mission, to provide customers with notice and access rights, and to maintain appropriate policies for confidentiality and security based on customer consent and/or notice and an opportunity to opt-out.

Bell Atlantic actively educates our customers about privacy related business practices and holds our employees accountable for the proper use of information. New customers receive a copy of the Information Privacy Code in their initial bill. Copies are also made available through the business offices and an abbreviated version is published in the Customer Guide pages of our telephone directories.

To assure that all employees, particularly those dealing directly with customers, understand this policy, it has been incorporated into Bell Atlantic's Employee Code of Business Conduct. Each employee is required to review this code annually. Bell Atlantic's Corporate Compliance Officer is responsible for ensuring that all Bell Atlantic business units and their employees comply with the Code. In addition, a review of privacy issues is incorporated in our new product development process, periodic privacy reviews are conducted, and internal audits are undertaken to ensure compliance.

BENEFITS OF CORPORATE PRIVACY PRINCIPLES

Developing and adopting comprehensive information privacy principles was an important and beneficial process as it advanced Bell Atlantic's knowledge of company-wide information practices; caused the justification and prioritization of these practices; and identified areas or processes that pose privacy risks. Simply stated, the very process of developing a privacy code promoted awareness of privacy and information issues throughout company management and resulted in a set of principles that reflects Bell Atlantic's best thinking about how to use consumer information effectively to provide customer service and protect customer privacy.

Bell Atlantic believes that firms that address privacy concerns will have a strategic and competitive advantage that will differentiate them in the marketplace. These businesses will view the cost of development, implementation, and maintenance of privacy principles as valuable, normal business expenses.

Maintaining the integrity of information transmitted over our networks and residing in databases has always been a high priority for Bell Atlantic. The development of new products and applications, like home shopping, electronic and telephone banking, Internet commerce, telemedicine and distance learning, expands the amount of personal information transversing these networks and residing in these databases and makes the safeguarding of information from unauthorized access even more important.

Bell Atlantic recognizes that customers want to enjoy the benefits of new communications and information products and services without feeling that they have lost control over the circulation and use of information about them. Public opinion surveys indicate that the American public increasingly is prepared to take a company's privacy policies into account when making decisions to purchase services and products. As the telecommunications industry becomes more competitive, the opportunities for companies to differentiate themselves on the basis of the adequacy and attractiveness of their use and safeguarding of customer information grows. In addition, public opinion survey work makes clear that Internet users and other high-use telecommunications consumers are motivated to protect their personal privacy.

Bell Atlantic must continue to play an active role in the public debate on information privacy issuesw--especially as it affects new products and services made possible by evolving technology in order to attract and retain customers with services and technologies that meet privacy concerns. The current debates involving Internet services, copyright protection, encryption, and wiretap, as examples, must carefully balance customer or information owner privacy concerns with the legitimate needs of network and service providers for access to information in order to effectively provide the services.

It is a challenge to manage privacy issues as they relate to services not yet developed or even conceived. Corporations like Bell Atlantic need access to information to provide service, while individuals need to control the dissemination of personal information. Corporations must take the initiative to define with customers how information about them will be handled. Bell Atlantic believes that as consumers begin to use new information and communications products, they will seek out those providers who not only meet their needs for information age services, but also meet their privacy requirements.

CONCLUSION

All participants affected by privacy concerns, including those who build the networks, those who provide services, users of services, and government, should work cooperatively to assure privacy issues are addressed now, so that those building the infrastructure and developing services can accommodate needed protections.

In addition, education of both customers and employees is critical. Policies will only be as good as the level of understanding and commitment that the involved parties have. Companies must proactively provide information concerning privacy practices and empower consumers to learn about how information is used and shared.

As the description of Bell Atlantic's privacy code experience indicates, the process of evaluating information and privacy practices and developing a privacy code or set of privacy policies is a positive and useful experience which produces a tailored and effective result. This process would be truncated, if not altogether abandoned, in an environment where privacy is micro-managed through legislation or regulation.

APPENDIX A

INFORMATION PRIVACY CODE

Bell Atlantic's Privacy Policy:

With these principles, Bell Atlantic is forming a partnership with our residential customers for the proper and positive uses of personal information. These principles express our voluntary commitment to assuring strong and meaningful consumer information privacy protection in an era of rapidly changing communications technology and applications. The examples listed under the principles are meant to give our residential customers a sense of how these principles have been applied and are intended to be illustrative, not all inclusive. Residential customers can call the Bell Atlantic service and billing office if they have any questions.

These principles are guidelines to help us work with our residential customers to properly use personal information acquired through a variety of lines of businesses. In each situation, these guidelines will be applied in consideration of the legal and technological constraints applicable to each line of business.

POLICY STATEMENT

Information Collection and Use

Bell Atlantic only collects that information about our residential customers that helps to provide them with current and additional services. This information is also used to protect residential customers against telecommunications fraud, to conduct industry or consumer surveys, and to maintain good customer relations.

For example: We collect information about our residential customers for our business purposes only. We may ask residential customers about work-at-home activities or the presence of teenagers in a household to better serve their special communications needs and interests.

Disclosure of Personal Information

Bell Atlantic handles personal information about residential customers based on the sensitivity of the information and established disclosure practices. Bell Atlantic considers "personal information" to be information about specific residential customers other than names, addresses or telephone numbers. We provide personal information to non-Bell Atlantic entities only for business purposes such as to allow long-distance companies and other telephone companies to bill for telecommunications services and to prevent fraud, at the residential customer's request or as required by law.

For example: When law enforcement or other governmental entities serve Bell Atlantic with valid legal process for toll calling records, we notify the customer before we release the information, except when notification is prohibited by law, or we are requested by law enforcement to delay notification so as not to interfere with a lawful investigation. Contrary to what appears on TV and in the movies, we do not provide this information under any circumstances other than in response to legal process.

Customer Education and Empowerment

Bell Atlantic is committed to providing our residential customers with access to the information we have about them. Our Service Consultants are trained to answer customer questions. They will also provide explanations of how such information is used and how to correct any inaccuracies if they occur. In addition, Bell Atlantic actively seeks consumer and expert opinions to assure that we continue to meet our residential customers' expectations for privacy protection.

For example: Bell Atlantic regularly provides useful information about new products and service opportunities to our residential customers. However, consumers who do not wish to receive such information can "opt-out" or have their names removed from direct mail, telemarketing and customer survey lists that we use. They can also opt-out from lists of names, addresses and telephone numbers which we compile from our White Pages directories and provide to qualified companies who are conducting product or service promotions.

Bell Atlantic offers several privacy enhancing services including Non-published numbers, Caller ID, Per Call Blocking and Anonymous Call Rejection. We continuously seek to improve these services, and to develop others that help residential customers to control access to information about them.

Information Management and Security

Bell Atlantic's Corporate Compliance Officer is responsible for ensuring that all Bell Atlantic business units and their employees comply with our privacy principles. We have incorporated a review of privacy issues in our new product development process and conduct periodic privacy reviews. In addition, we pledge to use advanced technology and information-management techniques to assure that information we have about our residential customers is accurate, secure and confidential, and to ensure that our employees comply with our privacy policy.

For example: We use technologically advanced safeguards to increase data accuracy and to identify and authenticate the sources of residential customer information. We use locks and physical security measures, sign-ons and password control procedures and internal auditing techniques to prevent and detect unauthorized use of terminals and entry into our data systems.

Every year each of our employees reviews and signs an acknowledgement confirming his or her knowledge of Bell Atlantic's privacy practices and promising to follow them. The acknowledgement states that violation of these practices may result in disciplinary action up to and including dismissal.

Public Policy Participation

Bell Atlantic participates in and supports consumer, government and industry efforts to identify and resolve privacy issues, and to provide privacy protection related to new telecommunications services. Bell Atlantic also supports the development of international standards to protect personal information and its proper use on a worldwide basis. Our External Affairs department is responsible for coordination of Bell Atlantic's public policy participation.

For example: We participate in legislative and regulatory proceedings, industry-association efforts, and general business group activities relating to telecommunications privacy issues.

In addition, we believe that developing international privacy protection and information use standards is necessary to protect the needs of our customers. We support the development of measures to that end.

Future Products, Services and Consumer

Expectations

Bell Atlantic is committed to building a "full service network" to provide access to new interactive, multimedia services. Although many of these services are in the early stages of development, we pledge to evaluate any potential privacy impacts of these services before they are deployed.

Bell Atlantic recognizes that societal changes and advances in technology may change the public's privacy expectations. Therefore, these principles will be evaluated and revised, as necessary, to ensure that they continue to meet high standards for privacy protection and quality residential customer service.

U S WEST has consistently espoused the position that policies on "privacy" and other restrictions on information use cannot be sensibly addressed without discussing "access" to information. In an information market and economy, information is the means of exchange. Thus, if restrictions on access to information are deemed appropriate (whether for national defense, intellectual property laws or privacy reasons), they should be imposed only after a full consideration of society's interests and benefits from the free flow of information. Our presentation, then, consistently reflects the recognition that the "restriction/access" debate involves difficult issues, requiring delicate balancing.

As one of the following graphics demonstrates, whether acting in the capacity of individual, employee, or citizen, the wheels of efficient transactions are greased by information. Tremendous contributions to the domestic and international economy are generated by the free flow of information. For these reasons, resolving the tensions between information access and information restrictions will have profound and powerful effects on US and international economies.

Balancing the social value of access with the private value of control is the core of information policy.

WHAT IS CHANGING?

The telecommunications industry has traditionally been viewed and behaved as merely a provider of local or national conduit. Scant attention was paid to the content carried by service providers. However, this situation is changing as telcos, cable TV operators, publishers, and database operators expand into each others' markets. For example, Metromail, a substantial database marketing operation, is associated with MCI. US WEST has a similar operation, although not on the scale of

Metromail. Excel, a provider of operator services and directory assistance to carriers such as AT&T, is owned by a Donnelly corporation (directory publisher). US WEST's merger with Continental Cablevision is another example.

As conduit becomes increasingly available from a variety of sources and becomes more of a "commodity," more and more shareholder value for businesses, especially those which integrate communications technology with content, is derived from information content rather than conduit. And users, whether knowingly or unknowingly, rely ever more on the supply of information to function in society. One of the major market challenges is to create quality information products from the plethora of raw data available. The conversion of raw data into meaningful information comes through the innovation and creativity of information processors, seeking to meet the needs of their customers.

Technology is causing a shift from a world where relatively scarce conduit was chased by relatively abundant content. Today, the current situation is reversed with abundant conduit seeking relatively scarce marketable content to fill the conduit and channel capacity. This shift is due to the dramatic declines in the average and marginal costs of bandwidth, processing power and memory storage. Technological advancement has driven both a convergence of industries and the fragmentation and customization of applications. Digital storage and transmission are separating content from its embodiment in a book, record or other medium. These changes are being felt in the marketplace and society by users and providers alike.

EVERY DIMENSION IS CHANGING RAPIDLY --TECHNOLOGY, MARKETS AND PUBLIC POLICIES

Changes in information markets are being driven by changes in technology, market reactions and public policies. These changes are interactive and multiplicative; not separable or merely additive.

Both technology and industries are converging. Every business that intends to survive believes it must become an "information business," whether it be banking, real estate, telecommunications, retailing or manufacturing.

Certain market and social effects are evidenced by research which shows that individuals feel a loss of control over the use of personal information being collected now from multiple sources and merged with other collecting entities/mediums. Among these effects is the fear that the "electronic me" may be very different from the "physical me." The "electronic me" is reflected in credit reports, business profiles, credit card bill records, etc. There is increasing concern that decisions are made about me based on electronic records, not knowledge of "my real persona." While information marketers emphasize the benefits extended based on the "electronic me," considerable attention is paid by the media and the public interest establishment to the "deprivation" of "benefits" resulting from the disassociation between "my real persona" and the "electronic me." Ordinary people witnessing these debates in the press experience a rising sense of disquiet and loss of control.

Policy responses to these debates follow, although they rarely address the underlying issue, usually dealing instead with symptoms. Self regulation is urged. Critics claim it is unresponsive (regardless of whether a response is appropriate) and some sort of prescriptive or consultative regulatory regime is suggested as necessary. Regulatory intervention usually ignores the actual operation of the markets being addressed, the existence or nature of market failures, or the enforceability or costs of legislative or regulatory mandates. Worst, the policy responses are always behind the technology and the market readjustment.

THE LEGAL APPROACH

The US approach to information policy, in particular "privacy," has traditionally been segmented by industry, market, and "problem identified." The credit industry is subject to certain privacy rules, as are banking institutions, cable operators and video tape rental operations. While there may be good reasons for this, disconnected legal approaches directed to symptoms yield a patchwork of separate rules. To complicate matters, these rules are often inconsistent or fail to follow similar logical processes. For example, based on recent legislative action, affiliate sharing of internal "experience" information is allowed among financial companies with no customer consent, while the FCC is contemplating restricting such treatment in the case of telecommunications companies.

Furthermore, among policy makers, there is typically a lack of understanding of technological solutions (blocking, screening, etc.). The actual needs of the marketplace and the readily-available tools to satisfy those needs are often ignored or drastically underestimated because the legal discussion is typically framed in terms of "rights" advocacy. This advocacy tends to polarize the stakeholders. Where there is a "right" lodged in one party, there is a corresponding "obligation" imposed on another.

Legal approaches are usually built on precedents or analogies. While this approach makes eminent sense in some contexts, in areas involving rapidly changing technologies and exponentially growing opportunities for speech, all too often such precedents try to force fit new phenomena into existing legal paradigms. Frequently, resulting laws and policies are ignored; are enforced "strategically" (where only the "worst" offenders are targeted); or are altogether unenforceable.

To the extent the US legal system does not strike an appropriate balance between information access and restriction, content and communications will be driven "off shore." Indeed, among many students of the information market, there is an increasing concern that, with the globalization of the NII, legal "safe havens" are part of the economic development plans of many third world countries.

THE INFORMATION ACCESS SPECTRUM

In the past, to a considerable extent, the law and economics associated with information policy often reinforced each other. For example, copying and appropriating were difficult, making intellectual property violations or invasions of individual's informational space awkward or burdensome. In the absence of such reinforcement or technological difficulty, however, it is not clear that the law can stem the powerful force of the economics in information fluidity or flows.

Many of the current policy debates reflect the breakdown of historical "solutions" that were in place to restrict access to the more sensitive types of information on the information access spectrum. Those "solutions" were often the consequence of the high costs of overcoming the shortcomings of technology. Extensive collecting, duplicating, storing and retrieving and sorting of information were expensive.

But with the dramatically falling costs of processing, transmission, and storage technology, just the reverse is true--accessing and storing information is cheap. Editing and protecting information are expensive--whether the "collector" is government or private enterprise. Furthermore, the addition of editing/restriction technologies will carry a price tag, one that will be passed along to the consumer.

"Privacy" regulation suffers from the same general infirmity, in that it seeks to restrict access to information, barring some type of precedent event (disclosure practices, consent, etc.). Yet, it is not clear that the precedent event can be enforced in a manner that would stem the information flow either nationally or globally. Recognizing this tension forms the basis for US WEST's approach to thinking about information policy.

We began our policy work with the recognition that society has different interests in encouraging or preventing access to information, depending on the type of information being considered. Information associated with national security is generally conceded to be more deserving of "restrictions on access" than other types of information considered, such as an individual's name, address, and telephone number, information traditionally not private at all.

Market forces will drive the introduction of some level of editing, sorting and access restriction technologies, to accommodate customer concern and demand about the increasingly fluid movement of information. Legislative or regulatory policy-driven demands for additional investment in technologies which interfere with the free flow of information, however, should only occur in the presence of well-defined market failure and be constrained by the goal of minimizing market distortions. The US should not repeat the mistake made in environmental policy of requiring smokestack scrubbers on power plants when the same environmental benefit could have been gained more economically by the use of low-sulfur western coal.

BASED ON THE INFORMATION SPECTRUM, THE RIGHT QUESTION IS

Rather than legal or regulatory approaches, the key issues for policy makers to address are better served by a richer inquiry, based on an understanding of "interests" rather than "rights." "Who gets access to what information based on what terms and conditions subject to what enforcement tools?" One of the powerful aspects of this model is that it can be used with respect to various informational policy issues, ranging from "privacy" to intellectual property to entertainment content, etc. In each situation, answering the various components of the clarifying question renders one more likely to be able to determine where a prescriptive approach to information policy regulation might break down. Generally, market responses will be more accommodating to "filling that gap."

This question acknowledges that "balancing" in this area is always required, based on the specific facts and circumstances of each information policy discussion. Even with respect to personally identifiable information, the question will result in different answers with regard to the collection, use and distribution of the information involved. The interests of society and economic costs/benefits can produce different responses to the following questions, varying by time, industry and technology development.

Who. There are lots of different "whos." One issue always a part of the discussion is "who decides who the 'whos' are?"

Access. This addresses the means of obtaining information (electronic, paper, real time, read/ write, etc.), and what tools for restrictions on access or use might be appropriate to the circumstances.

What Information. One can answer the question differently for different types of information. Commercial transactional information has traditionally been deemed societally as less sensitive than medical records, for example.

Terms and Conditions. Should one pay for information and how much? For what kinds of information? How is it billed and collected? To what extent should there be restrictive agreements with respect to "permitted" uses?

Enforcement Tools. This is a critical and often overlooked set of issues. Passing unenforceable laws or policies demeans the whole process, but has both economic and societal impacts. Who enforces and how? What is the societal response to laws/regulations that are generally ignored or enforced only selectively? What sanctions, who bears costs of policing, what liabilities for transgressions? Are there already adequate tort remedies currently available?

WHAT INFORMATION?

None of the "buckets" reflected on the graphic are totally separate from each other, especially since all of them involve the issue of access versus restriction. But, the buckets represent a convenient way to think about the issues. The five contentious buckets of information are:

Transactions-based Customer Information (or Individually Identifiable Information). This category encompasses most of the discussions about privacy, marketing data, public records, etc. It is not clear that, as a general matter, non-technological tools (such as laws or regulations) can ensure control of information to the party to which the information relates. The sources are too abundant, the information often readily made available by the individuals themselves. For every claim of "information privacy invasion," there is at least one individual disclosing similar information in a non-confidential context.

Intellectual Property. This category reflects debates about copyright protection on the Internet, conduit liability, fair use, parody, and piracy of films and music, etc. While not often recognized or acknowledged, it also includes a "privacy" component. Should a service provider (whether conduit or gateway) invade a user's "private space" to enforce alleged third party intellectual property rights? What about a user's competing "rights" or interests?

Network Software and Data. These questions include issues of network security, hackers and viruses, software co-location, law enforcement and wiretap, encryption, etc. They also clearly implicate "privacy" issues, because they control the extent to which individuals can protect or restrict their own generated or received information, as well as Fourth Amendment search and seizure issues.

Information Content and Entertainment. This bucket encompasses issues like access to certain content in the home (including liquor/ tobacco advertising; the V or C Chip), definitions of pornography and obscenity, kid vid rules, fair use, hate speech, PEG channel requirements, and core First Amendment issues. It also includes a "privacy" component, as more and more the notion of "private space" which should be secure from unwarranted intrusion becomes a societally-endorsed goal.

TRANSACTIONS--GENERATED INFORMATION (TGI)

This is where the majority of the current debates about "privacy" take place. The debates usually generate more heat than light, enriched by anecdotal and emotional horror stories and fear-mongering. Only rarely does sound analysis and science come into play. The public is whipsawed by campaigns in the media which present half-truths and biased views. Politicians paint themselves as protective of the public; the public interest establishment justifies its existence and continued funding; the private sector often remains silent to avoid bad public relations. The result is increased public concern, further perceptions of lost control, and calls for action--any action.

The problem with transactional information collection and use is twofold. First, there are the issues associated with the "transactional me" versus the "real me" (alluded to above in the electronic context). Second, an individual cannot tell a priori where, when, and how a bit of information will be used by an individual or group. Information often moves fluidly, migrating to where it is needed and valuable. Indeed, the movement of information in a timely fashion is the foundation of the "capital" of an information economy, capital that produces tremendous societal benefits.

What is the solution? The key to a solution which results in reaching marketplace equilibrium in this area should begin with a recognition that people live in a multi-faceted world, where their information needs shift and change. They operate in different realms, as demonstrated by the next graphic.

Within each of these realms, information about individuals is collected and used. Sometimes the information is moved between realms by the collectors. Sometimes it is moved between realms by the individual. Because of this movement, individuals need readily-available tools to establish the appropriate "rules of the road" for the movement of the information.

INFORMATION, LIKE THE INDIVIDUALS TO WHOM IT RELATES, MOVE THROUGH VARIOUS REALMS CONTINUOUSLY

As the graphic demonstrates, individuals and families exist in a realm of tensions between their economic and social lives. They need information to Live, Work, Learn, Play, Move and Vote.

But they are simultaneously members of organizations, some of which are cooperative in nature (churches, schools) and some of which are competitive (businesses, political parties). The information needs of these individuals are meant to allow them to Buy, Produce, Sell, Distribute and Service their members and customers. Furthermore, given the foundation of our national economy, there are strong public interest and First Amendment benefits associated with the use of information to satisfy identified individual interests. For example, as the FCC has stated, there is value in the "dissemination of information as to who is producing and selling what product, for what reason, and at what price. So long as we preserve a predominantly free enterprise economy, the allocation of our resources in large measure will be made through numerous private economic decisions. It is a matter of public interest that those decisions, in the aggregate, be intelligent and well informed. To this end, the free flow of commercial information is indispensable." In the Matter of Unsolicited Telephone Calls, Memorandum Opinion and Order, 77 FCC 2d 1023, 1035-36 (1980).

Individuals are also simultaneously members of civic organizations and governmental units. The tension of government is between protecting liberty and ensuring security. Information is needed to provide the various functions of government, i.e., Elect, Adjudicate, Redistribute, Protect, Inform and Enforce.

As indicated previously, like the individuals involved, information about them moves fluidly through these realms. That is the value of an information economy--the fluid nature of the movement of the "components of production." Decisions to change the way information moves through these realms must be well thought out, not just politically from a pure policy perspective but from an economic one, as well.

TOOLS FOR MANAGING INFORMATION ACCESS/RESTRICTION: MEETING THE NEEDS OF THE INFORMATION MARKETPLACE

In open, pluralistic societies like the United States, the presumption is that information should flow freely, restricted only exceptionally and at the margin to accommodate broadly held societal views supporting restriction. One critical and fundamental issue increasingly associated with information access is: Should information be accessible unless affirmatively restricted, or restricted unless affirmatively made accessible. The answer to this question has profound impacts on the fundamental economics of an information market, particularly as those economics are affected by spontaneous consumption. A change in this approach (information restricted unless opened) will have significant and material impacts on an information market, both with respect to businesses and consumers.

Individuals will answer the "Access/Restriction" question idiosyncratically. One size does not and should not fit all in a pluralistic, democratic society. Utilizing different tools allows access/information restriction questions to be addressed--like the information they relate to--across a spectrum.

So what are the appropriate tools? All the research shows that individuals are increasingly losing trust in political, governmental, and some commercial institutions. What are the substitutes for Trust? The answer is Choice and Control. Where an individual has no trust relationship with an organization, more choice and control tools need to be made available.

US WEST believes that market pressures will force the private sector to the Trust-Choice-Control Model. This is the essence of self-regulation. But it is important to appreciate that this model does not necessarily require any change of current commercial behavior or "evidence of self-regulation" for regulators to review. For example, where there is trust and only internal information use, there may be nothing affirmative or visible for a regulator to see. It will be business as usual. This does not mean that no self-regulation is occurring. Rather, it means that the existing market response is adequate to the circumstances and the relationship.

BUILDING TRUST

Trust must not be minimized as a factor controlling anxiety and suspicion with respect to the collection, storage, use and distribution of information. The level of trust will often suggest the level of individual inquiry. To the extent that an individual cares about the use of personal information, he/she could be expected to inquire about the information practices of that business where there is no pre-existing "Trust" relationship. (The NTIA noted this need for more assertive individual conduct in its Privacy Report.) But much individual information is collected by businesses who have an existing business relationship with the individual from whom they collect the information. Often, this information is closely held for competitive reasons and not shared outside the business relationship.

To the extent that a business determines that sharing information with others is appropriate, the business will lose the trust of the individual with whom it has the relationship if the sharing is not disclosed and the individual later discovers that sharing has occurred in a manner at odds with that individual's expectations and the individual experiences some negative consequence. To protect against this loss of trust, some businesses will do disclosures (of what information is being collected, how it is used, etc.). Others will allow the individual to determine these information practices, through a "one time" choice mechanism or a serial process.

Furthermore, to the extent that individuals are at all unnerved about information policies or practices within an existing business relationship, in a competitive marketplace, they can seek other vendors which better meet their information policy needs. And as they enter into new relationships, individuals will become more accustomed to self-help activities, such as inquiring about the information policies or practices of businesses.

Finally, we must be realistic, understanding that there are some businesses which will just act badly with respect to data collection and use. In competitive markets these businesses, while they might secure some immediate return by these practices, will find their "sources" dry up and go away. This is the normal working of market forces, and needs no assistance from regulators, any more than poor customer service requires governmental intervention.

DEALING WITH TGI: THE ESSENCE OF EXERTING CONTROL IS THE ABILITY TO EXERCISE CHOICE

Extending Choices

Upon entering into a new relationship, an individual might not have the same level of trust that he/she has with an existing business relationship. Here, providing tools for choice and control would constitute good business practice. Such tools run the gamut from disclosure (either before or after an inquiry) to opting out or opting in, screening tools, electronic protections and barriers and others. The appropriate tools will depend on the nature of the relationship (e.g., is it expected to be one-time only or ongoing), and the nature of the information (e.g., is it particularly sensitive information?), and the potential damage from its unauthorized disclosure (e.g., will I get some advertising or will I be denied credit?).

Market pressures will force businesses to develop the right mix of tools. And the "right mix" can be assembled more quickly through market than governmental pressure.

Designing for Choice

Electronic and technical solutions will be increasingly incorporated into systems and operations as awareness grows. As individuals become more aware of choice/control options in an electronic environment, they will increasingly become aware of those tools outside the electronic sphere.

All of us are feeling our way into the new economy and society being created by information technology. To be sure, there will be highly public failures along the way. However, as a general matter (as demonstrated by past situations where problems have emerged) quick market solutions are preferable, faster and more flexible than government regulation. And, market solutions will generally "enforce" fair information practices and principles better than government regulations, which are bound by administrative procedures, time lags, and jurisdictional boundaries. Technology has contributed to the current "problem," but it is also technology that will be instrumental in crafting the global solution to these problems.

Allowing the time and flexibility for industry to devise appropriate solutions which meet the market's needs is the most difficult policy decision. It requires non-action and trust in the fundamental soundness of the economic model and the general good faith of most of the market participants. US WEST believes in both.

OPT-IN AND OPT-OUT ARE TOOLS OF CHOICE AND CONTROL

"Opt-In" satisfies customer needs. "Opt-Out," though benefiting the service provider by leveraging consumer inertia, can generate negative backlash and draw the wrath of regulators and media attention. ("Opt-In" refers to an active decision by a customer to participate, to buy service, i.e., only get it if they ask for it. "Opt-Out" means the customer receives the product or service unless they actively decline.)

"Opt-In" policies may not be burdensome to the company, depending on technology and prior design and development decisions. Retrofitting "Opt-In" can be very expensive. Types of "Opt-In" mechanisms include:

Subscription

Closed user groups

PIN/Passwords

Decryption

Pay per transaction

Electronic selectors

But even "Opt-In" must be done carefully so as not to bias the decision.

If "Opt-In" is not possible or necessary (for example, in existing business relationships), the "Opt-Out" process should be made as easy as possible for customers.

Aggressive disclosures

Screening tools

Creation of electronic barriers for customer use

CONCLUSION

Decisions about the use of information must not be made in the abstract or with too narrow a focus. Each information policy decision actually implicates and has ramifications with respect to other policy decisions.

Privacy issues are not restricted only to the use of information identifiable to an individual. Such issues are also a fundamental component of issues associated with intellectual property, access to information by law enforcement, access to suitable information content. Analysis of these relationships are as critical as those which focus on the collection and use of personal data.

The question: "Who gets access to what information under what terms and conditions and with what Enforcement tools" provides a solid foundation for analyzing most information policy issues.

Often, the party who is in the best position to answer the above question is the affected individual or organization. The policy challenge is to allow the market the flexibility to provide appropriate tools of choice and control.

The market is well primed to resolve most "privacy" issues, whether they be associated with the use of individually-identifiable information or the intrusion into one's seclusion. And, the market will only get better at it. Prescriptive regulatory mandates will only slow down the process or tend to homogenize the market solutions.

APPENDIX

The clarifying question of "Who Should Have Access to What Information Under What Terms and Conditions and With What Enforcement Tools?" helps to bring discipline to analyses associated with other information policy issues beyond "Privacy."

When undertaking such analyses, one is struck by the fact that "privacy" issues also insinuate themselves into discussions of other information access/restriction issues.

INFORMATION CONTENT AND ENTERTAINMENT

The period where content and entertainment are "broadcast" uninvited into the seclusion of the home/office is quickly coming to an end. The "privacy" of this personal and professional space is being accommodated by the ever-increasing supply of technology that can support individual customer choice and control with respect to content that is accessed and received by the individual. This allows for the "customization" of privacy.

Channel abundance brought about by the technological changes mentioned above is driving audience fragmentation. By making "narrowcasting" economically feasible, this fragmentation undermines the traditional mass market media content. This means that mass market, utility-type definitions of content standards are capable of being "deaveraged." For example, we see specialized channels which carry content that would often be considered objectionable on network television. Some individuals wish to access this content; others wish to have it excluded. Increasingly, both interests are being accommodated.

Much of the current policy framework for content is based on assumptions about bandwidth and spectrum scarcity that are no longer appropriate. Yet, the traditional beneficiaries of scarcity (e.g., broadcasters) often advocate such policies to slow development of competing media and content. The FCC's protection of broadcasters against cable television is a classic example. The political process, relying for the past fifty years on broadcast TV, is being undermined by falling viewership of traditional network TV (did you watch the conventions?). Yet, legislation and judicial precedents continue to be based on these obsolete technological models. This approach should not become the model for "privacy" policy.

A better approach, in the information content and entertainment arena as in the privacy area, is to side-step the issue of scarcity/abundance by focusing on tools for individual choice and control. Objectionable content is in the eye of the beholder. Information technology will allow individuals to assume more control over the types of content deemed "objectionable" to them. So if one finds the "Abortion Channel" or the Christian Channel repugnant, or invasive of one's seclusion or privacy, technology driven by market forces will provide the tools which allow individuals to determine their own mix of content and viewing and screen out that deemed objectionable.

NETWORK SOFTWARE AND DATA

In addressing this issue, the "Who" and "What" portions of the question are generally not particularly difficult to answer factually. The network provider clearly will have access to a large portion of the information that traverses its network. Absent disclosure, an individual will probably not assume the information will be accessed, manipulated, or disclosed.

But, once the "Who" and "What" parts of the question get answered, issues associated with "Terms and Conditions" and "Enforcement" remain as problems. Often, the inability to support the "Who" and the "What" with meaningful enforcement tools with respect to the terms and conditions suggests that the market is best postured to drive solutions in this area, rather than prescriptive governmental mandates.

Where does liability lie when a user of one network (appropriately securing information from a source) causes problems for other networks, perhaps in the form of hacking, viruses, and worms? In addition to committing a criminal offense (in many jurisdictions), has the user invaded the privacy of the effected user?

What terms and conditions and enforcement tools are appropriate if there is a failure in software purchased from a vendor, which brings down a public network, which brings down an air traffic control system, which brings down a 747?

Should there be strict liability for information networks when their users violate narrowly-defined copyright laws? The Patent Office's White Paper said "Yes." And the current debates at WIPO are about these issues. Should a conduit provider be authorized to invade a user's private space as an "agent" for a copyright owner and perhaps snuff out the allegedly objectionable conduct? What if the individual has a program which detects and "kills" the conduit provider's agent? What about the "privacy" interests of that individual? What about potential "fair use defenses?"

NETWORK ACCESS PROVIDED TO LAW ENFORCEMENT

The increasing interest in providing access to individually-identifiable information to law enforcement agencies itself raises significant privacy and information access issues. As the notion of "common carriers" gets undermined by technology, the jurisdictional reach of government to impose access requirements becomes increasingly problematic. We see this already with the FBI wiretap legislation, which only reached to the traditional telephone industry.

The competitive distortions and market results will become increasingly unacceptable. The debates over exports of encryption technology and the Clipper Chip also reflect the tension of a government simultaneously positioning itself as "pro-privacy" while advocating significant impediments to privacy-promoting technologies.

Most existing research demonstrates that individuals still have greater concern over governmental collection and use of individually-identifiable information than they do with regard to privately collected and used information. Yet, often governmental policy makers neglect or ignore governmental policies at odds with proposed private sector regulatory proposals. This creates policies at odds with themselves.

INTELLECTUAL PROPERTY LAWS

From an economic perspective, if access to information cannot be controlled, from a value perspective, free riders (often called pirates) drive the market price of information to its marginal cost, approximated by the (falling) costs of copying. The technologies of information collection, storage and use increasingly increase productivity and efficiency.

Patent and copyright laws are tools for dealing with this balancing problem. Society has deemed certain intellectual property "protected." In the past, the law and the economics reinforced each other, since copying and appropriating were difficult.

Intellectual property (IP) rights owners are sometimes asking the law to give back what technology is taking away. While the law may attempt to do so, the problem arises in terms of the Enforcement part of our basic question. An examination is needed of IP in an electronic environment that recognizes the socially evolving context of "fair use." What does morphing technology do to the concept of "parody?" Is a disembodied electronic version of a work to be considered a "performance?" What does it mean to be a library in an on-line world?

As the costs of restricting access to information become significantly greater than providing access (i.e., the entire thrust of current information technology), should the general societal and legal systems bear the costs of policing and enforcing IP rules? Should IP owners be able to conscript carriers in aid of their private enforcement actions? Or, should the rights owner be responsible for preventing violations in the first place (by developing and investing in access-restricting technologies, and incorporating these costs into their costs of doing business), much as a property owner bears the costs of erecting a fence?

As discussed above, is it a sound public policy for IP owners to be able to subscript third parties in their enforcement efforts? At whose costs? Does the "enforcee" have any rights/say in the conduct. Is it invasive of privacy to "enforce" an unrelated third party's rights in an individual's space?

Experian, formerly TRW Information Systems & Services, has taken a unique approach to regulating itself in its information services business based on a core set of five values. This paper explores Experian's privacy process, why Experian pursued this unique approach, and the market implications of Experian's self-regulatory information values. The paper will also include a general discussion of self-regulation, examples of how our values are used in everyday analysis, and the importance of dialogue in determining appropriate use of information.

EXPERIAN

Experian is a major provider of consumer and business credit, marketing, real estate, and motor vehicle information to the U.S. marketplace. Experian maintains information on 190-million American consumers, 13-million businesses, and 43-million real estate parcels. Experian is owned by Great Universal Stores.

The consumer credit reporting portion of Experian's business is regulated by the Federal Fair Credit Reporting Act. Its other information businesses are not explicitly regulated, but the use of some information obtained from government sources such as local government, state authorities and the Federal government is limited by the agencies providing the data. However, all of Experian's services, both those subject to regulation and those that are not, are governed by Experian's Information Values.

SELF-REGULATION

The Experian Information Values are one company's approach to a self-regulatory mechanism. Self-regulation is the process by which norms are set by industry code or corporate direction rather than by legislation or regulation. Examples are New York Stock Exchange rules, Direct Marketing Association guidelines and Experian Information Values.

Why Self-Regulation?

The current revolution in information processing and communication technologies has increased both the use and value of information. Older regulatory theories that evolved from an industrial economy don't apply well to a consumer/service- based economy where information is a major value-adding element. The old theories rely on rules that either prohibit or limit the uses of information. They do an adequate job of regulating historical uses of information, but are not adequate in managing emerging and future information applications. However, the public still wants to be protected from harmful uses of information, even if explicit government regulation is absent, while benefiting from the increased economic choices and competition that come with the information age. Self-regulation done well is responsive to this public demand.

Formal self-regulation in the information industry dates back to the creation of the Direct Marketing Association's Mail Preference Service in 1971. Mail preference services allow the consumer to remove himself or herself from mailing lists. The consumer literally "opts-out" of being included in lists generated for marketing, based on notice from the marketer. This past history is based on the paper-based mail medium. The explosive growth of electronic communications technologies has renewed the government's interest in the possibility of additional regulation. In response to an industry urging, the government has said that it will give self-regulation an opportunity to work before suggesting new legislation to Congress. The government has further said that self-regulation should be based on enhanced consumer knowledge. The process the government says should be followed may be summarized as follows:

Describe your information policies in ways that are clear and conspicuous to consumers, and easy to understand;

Give consumers appropriate choices;

Honor those choices.

For want of a better term, this enhanced notification process is often referred to as "Open and Honest."

What Does This Mean to Experian andCustomers?

Experian believes the public will expect Experian to make public how it gathers, stores, uses and sells information and information-based products. Therefore, all Experian businesses will be expected to give consumers sufficient knowledge about the data that we store that pertains to them. The public will also expect Experian to define appropriate use of information, and provide products and services consistent with these definitions. Experian further believes that if the information industries resist an "open and honest" approach to information management, we will probably see federal and state laws that specify how information is processed and used.

HOW VALUES DIFFER FROM FAIR INFORMATION PRACTICES

Values are more flexible than fixed, use-based rules. The values allow an organization to change its behavior as technology and public views change. That flexibility allows Experian to be more responsive to the market while limiting reputation risk.

Many organizations establish policies that list the rules employees are expected to follow when processing and using information. Such use-based rules tend to fix an organization's view of what is appropriate at a specific point in time and technology, and are, therefore, inflexible. Today, however, in the current information market one cannot make rules fast enough to both meet commercial needs and protect consumers. Therefore, Experian believes that it is more effective to apply beliefs and tools (the Experian Information Values) to a new situation to determine appropriate use of information.

Experian's rules are based on applying the values in the context of a specific business. Each Experian business unit has its own plan for implementing the values, since each business has unique

Table 1. Experian's Information Values

Partnership: We partner both with customers who offer consumers opportunities and choices, and with consumers themselves in providing appropriate information privacy.

Fairness: We consider consumer expectations about openness, disclosure, potential embarrassment and other aspects of fairness in all current and new services and activities.

Balance: We only offer products and services that assure a favorable balance of consumer benefits weighed against their privacy expectations.

Security: We protect against unauthorized access to, and alteration of, consumer information; and we provide security appropriate for the information's sensitivity.

Communication: We provide and support broad consumer education programs about financial management and information use; and we maintain ongoing dialogue with organizations outside the company about consumer and privacy issues.

issues. The values effectively assure consistency from manager to manager and from business to business. For example, Experian has a rule based on the Fairness Value that states that mail and telephone preference files must be processed against all prospect lists. However, a manager has to conduct analysis when confronted by an application involving a customer's own list. Is it enhancement of a customer's existing customers, or is it really a prospect list that requires mail preference? The final decision will be based on analysis and manager judgment.

Our values provide flexibility for the manager by giving him or her a road map for conducting analysis. For example, the Partnership Value requires the manager to look at whether an information product creates value for both users of data and consumers. The Balance Value requires the manager to look at the consumer balance between economic value and potential harm. And finally, the Communications Value requires the manager to consider how we have educated the consumers

Table 2. An Example of Values Analysis:

Data Pertaining to Families with Children

Direct marketing of lists based in part on information pertaining to children is a controversial public policy issue. Experian revisited its use of data pertaining to children in early 1996. Experian found that it was renting lists segmented by presence of children by age range and gender, but was not renting lists containing children's names. Furthermore, we required marketers to submit mail pieces for approval before we would release the list for shipment. Staff determined that all five values were important in the analysis of this issue.

Partnership showed us that segmenting by presence of children in age ranges and gender is and will continue to be an important segmentation tool for marketers. Families with children buy different products than those that do not, while families with boys buy different products than those with girls. Families also like getting mail that is targeted to their needs and life styles rather than targeted to someone else's.

In Fairness we looked at whether any laws govern the selects we offer our customers, whether we were hiding the use of presence of children, and whether we were giving and honoring opt-out.

Balance requires us to look at the benefit versus the harm to consumers. We looked at how our lists might be used by those who wanted to hurt children, and found, with our processes, there was negligible potential harm. On the benefit side, there is consumer benefit at both the macro as well as the micro level.

Security forced us to look at our process of reviewing customers and mail pieces related to presence of families with children. We added a senior management review to the process based on the analysis. List rentals

involving these selects now require approval by one of a number of designated senior managers in the target marketing business. Finally, in looking at Communication we determined that we should communicate our list practices related to sensitive data in a more active fashion, and that we should receive feedback from our Consumer Advisory Council (CAC), our formal consumer dialogue process. Experian Vice President of Target Marketing Services made a presentation to the CAC in July 1996.

Based on the values analysis, a "what we believe" paper was distributed to all Target Marketing Services employees so that they could implement the minor changes we had made, and learn from the process.

and what we have heard from others through our dialogue process. Answers based on analysis are usually superior to answers based on instinct, and analysis becomes the foundation for explaining decisions in a logical fashion to customers, policymakers and consumers.

THE HISTORY OF EXPERIAN'S VALUES APPROACH TO INFORMATION MANAGEMENT

Applying the Model to Credit Reporting

As the credit reporting industry in the U.S. consolidated from many regional and local data bases into three national systems, the consumer services side of the business did not keep up with the growth in the industry. Consumers were therefore not getting the consumer assistance they expected. By 1990, this policy slippage had become visible to the media and regulators.

In 1990, Experian, then TRW Information Systems & Services, began to develop new rules and policies to better manage the consumer assistance side of the business. In 1991, TRW began to negotiate consent decrees with 19 states and the Federal Trade Commission. Those consent agreements made many of the changes that TRW had begun to implement a legal requirement. As a result of the new consumer focus, TRW created the National Consumer Assistance Center, changed matching logic in the consumer database so that merging information on two consumers into one report would become less likely, developed an easy-to-read consumer disclosure, and adopted a complimentary credit report (the complimentary credit report was not required by the consent decrees). TRW also implemented a set of fair information practices in 1991 that measured the level of privacy risk in a very mechanical fashion, based on historic information use patterns.

Beyond Rules: Values and Principles at Work

In early 1993, TRW began to see that the rules that had been adopted in 1991 were already not supplying answers to the questions raised by the marketplace. TRW formed a task force in the Spring of 1993 to begin developing a set of values that would guide managers in their analysis of privacy questions. The task force was comprised of senior marketing managers from each of the businesses. Draft values were developed, tested and finally approved by senior management in early 1994.

While the values were not approved until 1994, we began to use them to manage the businesses in 1993 when they were at the draft stage. We, therefore, have more than three years experience in applying the values to everyday management issues. We have not confronted any issues where the values were not applicable and useful in determining appropriate information use.

Experian has worked with many of its customers to assist them in developing values or principles applicable to their businesses and business issues. Furthermore, we have applied the approach to applications as diverse as direct marketing and intelligent transportation. These tests have convinced us that the approach is flexible enough to meet most market self-regulatory needs.

DIALOGUE AND BALANCE

Balance and Communication are two values that work closely together. Balance reminds us that all consumers have an interest in information being used to create economic value for them, while not being harmed by information. Consumers are willing to accept a limited amount of risk for significant benefit. This balance is dynamic, changing as consumers better understand the risks and rewards that come from an information age.

Communication includes both education and dialogue. Experian believes that it should educate consumers about information use and, therefore, has an extensive consumer education program. Experian also believes that we should actively listen to consumers to assure we understand consumer balance, and has made dialogue both formal and informal. The formal dialogue takes place at the Experian Consumer Advisory Council that meets three times a year. The CAC is comprised of consumer and privacy leaders, customers and government officials.

ARE THE VALUES A COMPETITIVE ADVANTAGE?

Experian is often asked whether it gains a competitive advantage from self-regulation based on values. It depends. It is not an advantage when competing against organizations that are not concerned about reputational risk. They will often supply market solutions that don't match well with most fair information measures, but are not explicitly illegal. In the short run, Experian is at a competitive disadvantage because it will limit marketplace offerings to protect reputation, while the competition won't. Revenue that could be Experian's is lost to the less ethical competitor.

However, Experian believes that the competitive disadvantage will be short-lived. The market will either demand self-regulation, or explicit government intervention. At that point, Experian gains a competitive advantage in two ways. First, since Experian knows how to make decisions based on analysis that balance the interests of all parties in the partnership, it can be more aggressive in pursuing solutions for customers without crossing the boundary between appropriate and inappropriate information use. Second, since our values guide us in why an application is appropriate, we can better explain our actions to the public. These explanations plus our reputation for self-regulation will give Experian the benefit of the doubt with the public, policymakers, and the media.

Furthermore, markets are becoming global. Information companies will need to supply solutions that work as well in Hong Kong and London as they do in Memphis and San Francisco. The European Union Data Protection Directive puts forth a set of shared information management beliefs stated as principles. Experian's Information Values have been compared favorably to the directive's principles by a high ranking senior EU official. This gives Experian an advantage in the global marketplace.

CONCLUSION

Experian believes that self-regulation via values is the best approach to meeting market needs while protecting consumers from harm. Experian believes this approach better protects consumers while giving us more consistency and flexibility, and is more technologically responsive.

Self-regulation is not equivalent to a company doing anything it wants with information. Experian believes companies will be judged on how well they think through information policy, link policy to actions, communicate those policies and actions, and live up to those policies. Experian has chosen a values approach to information policy since values give us the structure to make decisions based on analysis, the flexibility to change, and an infrastructure for communications.